ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models

LASER_oneXM

ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices.

Router models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86U, RT-AC68U and RT-AC66U. The flaw is related to ASUS firmware AsusWRT (versions before 3.0.0.4.384_10007), used in select models of the company’s router lines.

“The attack is done from the LAN side of the network, as opposed to the WAN side. In other words, as far as we know you cannot exploit this from the internet,” according to network security firm Beyond Security, which disclosed the vulnerabilities earlier this week. “This (attack) works for someone in your LAN – even if they are on a guest network – and it may lead to remote command execution.”

The two vulnerabilities are CVE-2018-6000 and CVE-2018-5999, a configuration manipulation flaw and a server authentication bypass flaw.


“Due to a number of coding errors, it is possible for an unauthenticated attacker in the LAN to achieve remote code execution in the router as the root user,” wrote researcher Pedro Ribeiro who discovered the flaw.


The first flaw (CVE-2018-5999) is tied to the ASUS router firmware and takes advantage of a weakness in the AsusWRT HTTP server and the way it handles requests via “handle_request()” which allows an unauthenticated user to perform a POST request for certain actions, according to Ribeiro.


“This can (and will) be combined with other vulnerabilities to achieve remote code execution,” he said.
 
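An added example, not part of the original post or any ASUS tooling: a Python triage of a router inventory against the fixed AsusWRT version the article gives (3.0.0.4.384_10007) and the models it names. The function names and the sample inventory are constructed for illustration; build numbers are compared as integers because a plain string comparison would rank 9999 above 10007.

```python
import re

# From the article: AsusWRT versions before 3.0.0.4.384_10007 are affected,
# and these are the models it names as patched.
FIXED = (3, 0, 0, 4, 384, 10007)
MODELS = {"RT-AC88U", "RT-AC3100", "RT-AC86U", "RT-AC68U", "RT-AC66U"}

# Stock AsusWRT version string: five dotted fields, then "_" or "." and a build
# number, optionally followed by a suffix that is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.(\d+)[._](\d+)(?:[-_ ].*)?$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if not in stock format."""
    m = _VERSION.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, version):
    """Classify an entry as 'vulnerable', 'patched', 'not-listed' or 'unknown'."""
    if model.strip().upper() not in MODELS:
        # The article says "over a dozen" models but names five, so this
        # result means "check the vendor advisory", not "safe".
        return "not-listed"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # e.g. third-party firmware numbering; check by hand
    return "vulnerable" if parsed < FIXED else "patched"


# Constructed sample inventory (not real devices).
INVENTORY = [
    ("RT-AC68U", "3.0.0.4.382_18881"),
    ("RT-AC88U", "3.0.0.4.384_10007"),
    ("rt-ac86u", "3.0.0.4.384.9999"),
    ("RT-AC3100", "384.4_2"),
    ("RT-N12", "3.0.0.4.380_1234"),
]


def report(inventory=INVENTORY):
    """Return (model, version, status) for every inventory entry."""
    return [(m, v, triage(m, v)) for m, v in inventory]


if __name__ == "__main__":
    for model, version, status in report():
        print(f"{model:10} {version:20} {status}")
```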

ForgottenSeer 58943

“This (attack) works for someone in your LAN – even if they are on a guest network – and it may lead to remote command execution.”

This is priceless. The entire point of a 'Guest' network is to function as a sort of VDOM and/or VLAN to isolate clients. A long-held suspicion was that this wasn't properly handled on consumer routers with VDOMs internally and allowed access to user space execution. Essentially, 'Guest' on consumer routers is more of a placebo than anything and isn't true segregation.

To verify segregation you need to establish that a VDOM, VLAN or different DHCP pool is in place. If none of the above are in place then there is likely no true segregation of your guests from other subnets EVEN IF your firewall/router claims there is. ASUS fails.
 
