Two flaws in Asus Wi-Fi routers RT-AC1900P allow hackers to spy on you


Two critical flaws in the Asus RT-AC1900P whole-home Wi-Fi model allow man-in-the-middle (MITM) attacks and access to all data flowing through the router

If you own the Asus RT-AC1900P Wi-Fi router, now is the time to update its firmware. Security researchers from Trustwave have found critical vulnerabilities in the router that can allow potential hackers to conduct man-in-the-middle (MITM) attacks. Once the attack is successful, the hackers could have complete control over the data flowing through the target router.

The first flaw exists due to improper server certificate validation during the firmware update in the Asus routers. This flaw has been issued a unique identifier, CVE-2020-15498. The flaw comes into play when the Asus Wi-Fi router uses GNU Wget to fetch firmware updates from ASUS servers. It’s possible to log in via SSH and use the Linux/Unix “grep” command to search through the filesystem for a specific string that indicates that the vulnerability is present: “--no-check-certificate”.

In the vulnerable routers, the files containing that string are shell scripts that perform downloads from the ASUS update servers, according to Trustwave’s advisory, issued on Thursday. The string indicates that Wget does not check the server’s certificate, so any potential hacker can use forged certificates and install malware/spyware on the Wi-Fi routers. The attack only works if the hacker is connected to the vulnerable router to perform a man-in-the-middle (MITM) attack. Once successful, the hacker would have complete access to all traffic going through the device.
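The check described above, written as a script an administrator could run over a router filesystem or an unpacked firmware image. This is an added example, not code from ASUS or Trustwave; the function names, sample file names and URLs are constructed for illustration, and it goes slightly beyond a plain grep by skipping commented-out lines and joining backslash-continued commands.

```shell
#!/bin/sh
# Added example (not ASUS or Trustwave code): list shell commands that run
# wget with TLS certificate validation disabled.

# Print "file:line: command" for each non-comment wget command that carries
# --no-check-certificate. Backslash-continued lines are joined first, so a
# flag placed on a continuation line is still attributed to its wget call.
find_insecure_wget() {
    find "$1" -type f -exec awk '
        FNR == 1 { cmd = ""; joining = 0 }            # new file: reset state
        {
            if (!joining) { cmd = ""; start = FNR }   # first line of a command
            line = $0
            joining = sub(/\\$/, "", line)            # trailing backslash?
            cmd = cmd line
            if (joining) next                         # keep joining lines
            if (cmd !~ /^[ \t]*#/ && cmd ~ /wget/ && cmd ~ /--no-check-certificate/)
                print FILENAME ":" start ": " cmd
        }' {} +
}

# Constructed sample tree standing in for a router filesystem (assumption:
# the file names and URLs below are invented for this example).
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/usr/sbin"
    cat > "$dir/usr/sbin/fetch_fw.sh" <<'EOF'
#!/bin/sh
# wget --no-check-certificate (old call, commented out)
wget -q --no-check-certificate https://updates.example.invalid/fw.zip -O /tmp/fw.zip
wget -q \
    --no-check-certificate \
    https://updates.example.invalid/notes.txt -O /tmp/notes.txt
EOF
    cat > "$dir/usr/sbin/fetch_ok.sh" <<'EOF'
#!/bin/sh
wget -q https://updates.example.invalid/fw.zip -O /tmp/fw.zip
EOF
    printf '%s\n' "$dir"
}
```

Run `find_insecure_wget /` on the device, or point it at the root of an extracted firmware image; no output means no script in that tree invokes wget with certificate checking turned off.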

Asus has since updated its firmware and dispensed with the Wget option; the latest firmware eliminates the bug by no longer using it.

The second flaw has been issued the unique identifier CVE-2020-15499 and is a cross-site scripting (XSS) vulnerability in the Web Management interface related to a firmware update for the Asus routers. “The release notes page did not properly escape the contents of the page before rendering it to the user,” explained the firm. “This means that a legitimate administrator could be attacked by a malicious party using the first MITM finding and chaining it with arbitrary JavaScript code execution.”

ASUS fixed this in the latest firmware so that the release notes page no longer renders arbitrary contents verbatim.

“Since routers like this one typically define the full perimeter of a network, attacks targeting them can potentially affect all traffic in and out of your network,” warned Trustwave.

ASUS patched the issues in firmware version 3.0.0.4.385_20253. If you own an Asus Wi-Fi router that is vulnerable to the above flaws, you should update your firmware immediately.
