UPDATE YOUR FIRMWARE: Asus RT Series Routers Have Flaws That Allow Web Hijack Exploits

If you have an Asus RT wireless router, then you might want to look at  CVE-2017-5891. It details that RT-AC and RT-N variants using firmware older than version can get pwned via cross-site request forgery exploit. Meaning that if the user has left the default credentials in place for whatever dumb reason, or if an attacker knows the admin password, a malicious webpage can log into the router when visited by the victim and alter settings. Then the router and by extension the network is effectively pwned. Or at least, that’s what could happen as Nightwatch Cybersecurity who are the people who discovered it explained in a post. The fact is that they were not able to exploit this flaw on a consistent basis. But he fact that is exists is reason enough for concern.

Asus has addressed the some of these issues in a March firmware update, but doesn’t consider one of Nightwatch’s other issues with this firmware which is CVE 2017-5892, to be serious enough to warrant a fix. Also include in the updated firmware are fixes for:

  • CVE-2017-6547, a cross-site scripting bug in the routers’ HTTP daemon.
  • CVE-2017-6549, a session hijack vulnerability in the HTTP daemon.
  • CVE-2017-6548, a remote code execution buffer overflow in the routers’ networkmapcommand.

Thus if you have an RT-AC or a RT-N series Asus router, you should upgrade your firmware ASAP.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: