ASUSWRT RT-AC53 () – Cross-Site Scripting – Hardware webapps Exploit
CVE-2017-6547
40 Asus RT Router Versions Are In Danger Of Easy Hacks
ASUSWRT – Numerous Weaknesses
Asus ASUSWRT Several Protection Weaknesses
ASUSWRT RT-AC53 (188.8.131.52.380.6038) – Cross-Site Scripting
First set of issues
CVE | Asus RT-AC53 cross-site scripting (BID / EDB)
The good news is that the company that discovered these flaws — Nightwatch Cybersecurity — privately reported the issues to Asus back in January, and the company issued a firmware update in March. Users of any of the following Asus RT router models should check whether they're running a firmware version of v3.
The firmware update is available for download here. Below is a summary of most of the vulnerabilities found. For all issues, Nightwatch researcher Yakov Shafranovich has published PoCs on the company's website.
This means an attacker can lure a user to a malicious site and issue a request from that site to the router's login page. This attack requires the attacker to be on the same network and to know the router's administrator password so that he can query the XML endpoint.
Second set of issues
The firmware update that patches the vulnerabilities described above also includes fixes for other issues discovered by security researcher Bruno Bierbaumer. Taken individually, all these issues are trivial, but an experienced attacker can chain them together and take over routers, adding them to a botnet and using the devices for his or her own operations, such as relaying malicious traffic or launching DDoS attacks.
This, in turn, degrades the router's performance and local Internet speed.
May 11
Catalin Cimpanu is the security news editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and some more.