This article is more than 1 year old

ASUS router-popping exploit on the loose

Local users become mighty admins

ASUS routers contain a vulnerability that turns users into admins, researcher Joshua Drake says.

The boxes could be exploited by malicious local users, but not those on the wider internet, re-rerouting all users on the network to malicious sites, among other attacks.

Drake wrote in an advisory that several popular models were affected including the RT-N66U
and RT-AC66U.

"Currently, all known firmware versions for applicable routers are assumed vulnerable," Drake said.

ASUS has been contacted for comment.


The unauthenticated command execution vulnerability is located in the infosvr service, which ran as root and listened on UDP broadcast port 9999. The service is designed, Drake said, to simplify router configuration by locating local routers.

Admins should remove the remote command execution functionality from infosvr or firewall it off, he said, as beaming passwords to LANs was not a good idea.

A working exploit has been published meaning affected admins should consider taking some action.

SOHO routers are commonly found to contain buggy code. ®

More about

TIP US OFF

Send us news


Other stories you might like