ASUS Home Router Bugs Open Consumers to Snooping Attacks

[silversurfer]

Content source

https://threatpost.com/asus-home-router-bugs-snooping-attacks/157682/

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices – and eavesdrop on all of the traffic and data that flows through them.

The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality. Originally uncovered by Trustwave, ASUS has issued patches for the bugs, and owners are urged to apply the updates as soon as they can. [...]

ASUS patched the issues in firmware version 3.0.0.4.385_20253.

Full report by researchers:

ASUS Router Vulnerable to Fake Updates and XSS (CVE-2020-15498 & CVE-2020-15499)

Recently ASUS patched two issues I discovered in the RT-AC1900P router firmware update functionality. These vulnerabilities could allow for complete compromise of the router and all traffic that traverses it.

www.trustwave.com