A security researcher yesterday evening a leak in different routers manufacturer Asus unveiled the device whereby a local attacker can take over completely and for which no security update is available.The vulnerability is caused by a service called infosvr on UDP port 9999 is listening on the LAN interface.
The service is used by a tool from Asus and should make it easier to set the router to automatically search for routers on the local subnet. Infosvr however shows the MAC address of an application is not good to check. Therefore an attacker to bypass authentication and by sending a packet to UDP port 9999 arbitrary commands to the router.
The vulnerability is present in the Asus RT-AC66U, RT-N66U and other models with the latest firmware. Researcher Joshua Drake discovered the problem advises to remove the ability to remotely execute commands on the router. "Even with strong authentication is sending a password over the LAN is not really desirable." Who still wants to have remote access can do this better over SSH notes the researcher.
Pending to update users have different capabilities. To set David Longenecker for order infosvr service off during startup. via script Eric Sauvageau recommends firewalling port 9999 and Drake gives itself as an option to disable the infosrv service after boot. Something which ironically can be done via the exploit that allows the leak abuse.
No comments:
Post a Comment