Asus patches dangerous flaw in router firmware




Asus has released new firmware for a number of routers, both with and without an integrated DSL modem. The patches are meant to close a dangerous hole that lets an attacker obtain full admin rights on the local network.

Asus has released the updates for the DSL-AC68U, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC87U, RT-N56U and RT-N66U. Asus has also made updates available for the alternative Merlin firmware. With the firmware updates, Asus closes a hole that was published on GitHub earlier this month. Exploit code has also appeared online.

The bug is in the so-called infosvr service, which scans the local network for other routers. In vulnerable firmware versions, infosvr runs with full root privileges. In addition, a bug in the service lets an attacker gain full admin rights via a UDP broadcast on port 9999, after which the router's settings can be changed.

Although the vulnerability can only be exploited from the local network and not from the internet, an attacker obtaining full admin rights is risky if the router is used, for example, to provide public hotspots. For router models that have not received an update, a number of workarounds are available: the service can be disabled, and port 9999 can be blocked in the firewall.
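To confirm that an update or workaround actually took effect, an administrator can check whether anything is still bound to UDP port 9999 and whether it runs as root. The script below is an added example, not Asus or Merlin code; it assumes a Linux-based device that exposes `/proc/net/udp`, and the function names and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Asus code): check for a UDP listener on port 9999,
# the port the article ties to infosvr. Parses the Linux /proc/net/udp table.

PORT_HEX=270F   # 9999 in hexadecimal, the form /proc/net/udp uses

# Constructed sample of /proc/net/udp: one socket on UDP 9999 owned by
# uid 0 (root) and one on UDP 53 owned by uid 65534.
sample_udp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   7: 00000000:270F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
  12: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000 65534        0 1344
EOF
}

# Print the uid of every socket bound to UDP 9999 in the table on stdin.
# Exit status is 0 if at least one was found, 1 otherwise.
udp_9999_owners() {
    awk -v want="$PORT_HEX" '
        NR > 1 {
            n = split($2, addr, ":")          # field 2 is HEXIP:HEXPORT
            if (n == 2 && toupper(addr[2]) == want) { print $8; found = 1 }
        }
        END { exit(found ? 0 : 1) }'
}

# Summarise the table on stdin as "exposed-root", "exposed" or "closed".
udp_9999_status() {
    owners=$(udp_9999_owners) || { echo closed; return 0; }
    for uid in $owners; do
        [ "$uid" = 0 ] && { echo exposed-root; return 0; }
    done
    echo exposed
}

# On a live Linux device: udp_9999_status < /proc/net/udp
sample_udp_table | udp_9999_status
```

IPv6 sockets are listed separately in `/proc/net/udp6`, which can be fed to the same function because the fields it reads sit in the same columns.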

