Asus Wireless Routers Can Be Exploited By Anyone Inside the Network

An anonymous reader writes A currently unpatched bug in ASUS wireless routers has been discovered whereby users inside a network can gain full administrative control, according to recent research conducted by security firm Accuvant. Although the flaw does not allow access to external hackers, anyone within the network can take administrative control and reroute users to malicious websites, as well as holding the ability to install malicious software. The vulnerability stems from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr runs with root privileges and contains an unauthenticated command execution vulnerability, in turn permitting anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router. In relevant part: The block starts off by excluding a couple of OpCode values, which presumably do not require authentication by design. Then, it calls the memcpy and suspiciously checks the return value against zero. This is highly indicative that the author intended to use memcmp instead. That said, even if this check was implemented properly, knowing the device’s MAC address is hardly sufficient authentication,” said Drake. Here are the technical details at GitHub.

DD-WRT?

[Sir_Eptishous]

What about ASUS routers flashed with DD-WRT or Tomato or somesuch?

Re:DD-WRT?

[hawguy]

Well that wouldn't be running the vulnerable service, now would it?

That was his question.

It's not obvious to everyone what runs in untouchable firmware (i..e a phone's baseband processor), what runs in the operating system, and what runs in application software. Just because someone knows enough to re-flash dd-wrt into a router, that doesn't mean that they know whether it's a full operating system or an application that runs on top of the router's firmware.