Two critical flaws in Asus RT-AC1900P whole-home Wi-Fi model allow man-in-the-middle (MITM) attack and access to all data flowing through the router
If you own the Asus Wi-Fi Router RT-AC1900P model, now is the time to update its firmware. Security researchers from Trustwave have found very critical vulnerabilities in the Asus Wi-Fi Router which can allow potential hackers to conduct man-in-the-middle (MITM) attacks. Once the attack is successful, the hackers could have complete control over the data flowing through the target router.
The first flaw exists due to improper server certificate validation during the firmware update. in the Asus routers. This flaw has been issued a unique identifier, CVE-2020-15498. The flaw comes into play when the Asus Wi-Fi router uses GNU Wget to fetch firmware updates from ASUS servers. It’s possible to log in via SSH and use the Linux/Unix “grep” command to search through the filesystem for a specific string that indicates that the vulnerability is present: “–no-check-certificate.”
In the vulnerable routers, the files containing that string are shell scripts that perform downloads from the ASUS update servers, according to Trustwave’s advisory, issued on Thursday. This string indicates that there’s no certificate checking, so any potential hacker can use forged certificates and install malware/spyware on the Wi-Fi routers. The attack only works if the hacker is connected to the vulnerable router to perform a man in the middle attack (MITM). Once successful, the hacker would have complete access to all traffic going through the device.
Asus has since updated its firm and dispensed with the Wget option. The latest firmware eliminates the bug by not using the Wget option anymore.
ASUS fixed this in the latest firmware so that the release notes page no longer renders arbitrary contents verbatim.
“Since routers like this one typically define the full perimeter of a network, attacks targeting them can potentially affect all traffic in and out of your network,” warned Trustwave.
ASUS patched the issues in firmware version 18.104.22.168.385_20253. If you own an Asus Wi-fi router that is vulnerable to the above flaws, you should update your firmware immediately.