http://www.zdnet.com/article/asus-routers-vulnerable-to-network-attack-exploit-published/
Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."
The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.
A working exploit was also published alongside the advisory.
While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.
We've reached out to Asus but did not hear back at the time of writing.
Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."
The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.
A working exploit was also published alongside the advisory.
While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.
We've reached out to Asus but did not hear back at the time of writing.
