ASUS router-popping exploit on the loose
Local users become mighty admins
ASUS routers contain a vulnerability that turns users into admins, researcher Joshua Drake says.
The boxes could be exploited by malicious local users, but not those on the wider internet, re-rerouting all users on the network to malicious sites, among other attacks.
"Currently, all known firmware versions for applicable routers are assumed vulnerable," Drake said.
ASUS has been contacted for comment.
The unauthenticated command execution vulnerability is located in the infosvr service, which ran as root and listened on UDP broadcast port 9999. The service is designed, Drake said, to simplify router configuration by locating local routers.
Admins should remove the remote command execution functionality from infosvr or firewall it off, he said, as beaming passwords to LANs was not a good idea.
A working exploit has been published meaning affected admins should consider taking some action.
SOHO routers are commonly found to contain buggy code. ®