Taiwanese electronics company Asus has released an update for one of its routers that corrects an authentication bypass vulnerability discovered in the devices over the summer.
According to a note on Carnegie Mellon’s CERT Vulnerability Notes Database late Friday, the problem is that once an attacker gains access to the device, they can make their way to a certain website and learn the device configuration without entering log-in credentials.
The site, http://RouterIPAddress/qis/QIS_finish[.]htm, bills itself as the most comprehensive Router Database and is commonly used by end users to research router information and settings worldwide.
The vulnerability (CVE-2013-3610) allows attackers to view information – including the device’s administrator password – that should only be viewable to authenticated users, by being on the local area network.
Read More
