Thursday, March 28, 2024

All Versions of ASUS Routers Affected by Multiple Vulnerabilities that Allows to Gain Complete Router Access

Multiple critical vulnerabilities discovered in ASUS Routers that allow an attacker can able to gain complete control of the router access and this flaw existed in all the AsusWRT Routers.

There are 4 Vulnerabilities has been reported and all together will provide complete router access to attacker once router administrator login with his admin credentials then this flaw allows for retrieving the login/password using Administrator token.

According to seclists full disclosure, all the vulnerabilities are noticed to vendors and fixes has been realized.

Also Read Self-Destructive KillDisk Malware Overwrites then Deletes files and Force a Reboot

Highly Predictable Session Tokens (CVE-2017-15654)

This vulnerability allows an attacker can guess the administrator Login token in Router Which can be used to gain the admin user credentials when admin logged in the session.

stdlib rand function helps to generate a session token for an authenticated user and the Specific set of code initializes the random number generator each time a token is generated with router Login time.

Not Sufficient logged user IP validation(CVE-2017-15653)

Once attacker gain the session token using the Previous Vulnerability(CVE-2017-15653) attacker will perform the IP Verification mechanism and he will use special user-agent by sending the request.

Later Following Proof of Concept will be used for download current router configuration even if issued from a different than the logged user IP address

 curl "http://ROUTERADDRESS/s.CFG" -H "Cookie: asus_token=TOKEN" -H 'User-Agent:
asusrouter-asusrouter-asusrouter-asusrouter'

Password Stored in Plain Text (CVE-2017-15656)

Asus routers stored all the passwords in the Plaintext in NVRAM memory which allow to downloading the backup and decode the password which leads to anyone can extract and see the admin password by Executing NVRAM (Show NVRAM).

Logged-in Information disclosure

Based on the all 3 major flaw Attack finally can able to retrieve the active session and exploit the router and gain the admin level access and the possible attacker can control the complete network that connected with compromised Router.

Heap buffer overflow – ASUS Routers

Along with above vulnerability Heap buffer overflow in multiple HTTP headers allows for an unauthenticated remote code execution for the routers not upgradable from 3.0.0.4.376.

This vulnerability also have been fixed and assigned  CVE(CVE-2017-15655)

All these Vulnerabilities are notified to the specific vendor and they release a fixed version 3.0.0.4.382.18495.

But vendor REFUSED to fix the vulnerability as the routers using the vulnerable firmware are already EOL for Head Buffer Overflow.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles