Security News Attention, Asus RT wireless router owners: Patch your gear now to squash web hijack bugs

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Buggy admin interface – where have we heard that before?

Asus RT wireless routers have joined the SOHOpeless list – with poor cross-site request forgery protection affecting 30 variants of the devices.

The design blunders, labeled CVE-2017-5891, hit RT-AC and RT-N variants using firmware older than version 3.0.0.4.380.7378.

The lack of CSRF protection means that if the user has left the default credentials – admin:admin – in place, or if an attacker knows the admin password, a malicious webpage can log into the router when visited by the victim. Nightwatch Cybersecurity, which discovered the issue, explained this week that the exploit is trivial: "Submit the base-64 encoded username and password as 'login_authorization' form post, to the '/login.cgi' URL of the browser."

A successful login means an attacker is able to change the router's settings, and hijack the DNS, for example, but Nightwatch admitted "we have not been able to exploit this issue consistently." Nightwatch also notes two JSONP bugs, which can reveal potentially sensitive information such as a network map and details about the router.

Asus has addressed the CSRF issues in a March firmware update, but doesn't consider one of Nightwatch's non-CSRF issues, CVE 2017-5892, to be serious enough to warrant a fix. Also include in the updated firmware are fixes for:

  • CVE-2017-6547, a cross-site scripting bug in the routers' HTTP daemon.
  • CVE-2017-6549, a session hijack vulnerability in the HTTP daemon.
  • CVE-2017-6548, a remote code execution buffer overflow in the routers' networkmap command.
Get patching if you haven't already.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top