Slashdot Mirror

← Back to Stories (view on slashdot.org)

Asus Wireless Routers Can Be Exploited By Anyone Inside the Network

Posted by timothy on from the coming-from-inside-the-building dept.

An anonymous reader writes A currently unpatched bug in ASUS wireless routers has been discovered whereby users inside a network can gain full administrative control, according to recent research conducted by security firm Accuvant. Although the flaw does not allow access to external hackers, anyone within the network can take administrative control and reroute users to malicious websites, as well as holding the ability to install malicious software. The vulnerability stems from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr runs with root privileges and contains an unauthenticated command execution vulnerability, in turn permitting anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router. In relevant part: The block starts off by excluding a couple of OpCode values, which presumably do not require authentication by design. Then, it calls the memcpy and suspiciously checks the return value against zero. This is highly indicative that the author intended to use memcmp instead. That said, even if this check was implemented properly, knowing the device’s MAC address is hardly sufficient authentication,” said Drake. Here are the technical details at GitHub.

5 of 68 comments (clear)

  1. If you're running Merlin's ASUS-WRT by the_skywise · · Score: 5, Informative

    He's already got a temporary patch up which will disable the vulnerable feature. (He also shows a few other ways of securing the issue)

    http://forums.smallnetbuilder....

  2. The full file by Anonymous Coward · · Score: 3, Informative

    Here's the full file common.c for those who want to read the source code.

    What do you think about the code?

  3. our users are secure by sloach · · Score: 4, Informative

    My company makes a product that runs on ASUS routers. We've put in a workaround to this vulnerability for our users - see our blog post on the subject here: https://www.aterlo.com/blog/

  4. Vulnerable, where "somesuch" == AsusWRT-Merlin by raymorris · · Score: 4, Informative

    You can tell the other people who replied to you to suck it, because routers running alternative firmware ARE vulnerable if that alternative firmware is forked from asuswrt. AsusWRT-Merlin is one example, and is actually shown in TFA.

  5. Re:People still use wireless routers? by hawguy · · Score: 3, Informative

    Just connect an access point to an OpenBSD box, and this crap won't happen.

    Why will that prevent it from happening? Anyone that owns the access point can inspect and modify all of the traffic that passes through it.