Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]

[AimDev]

Please enter a valid message.

 

[joegreat]

Link not possible? Or smaller font? Or, even better: posting an abstract of the issues?

 

[Xentrk]

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
see the nightwatchcybersecurity site for details.

Here is the link https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/

Summary

Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowing exfiltration of router data and an XML endpoint revealing WiFi passwords.

Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. One issue (JSONP information disclosure) remains unfixed since the vendor doesn’t consider it to be a security threat.

CVE-2017-5891 has been assigned to the CSRF issues, and CVE-2017-5892 to cover the non-CSRF issues.

Users should change the default credentials and apply the latest firmware released by ASUS, version v3.0.0.4.380.7378 or higher (except for 4G-AC55U which has no patches available).

There is no mitigation available for the issue #3 – JSONP information disclosure without login.

 

[thelonelycoder]

Just another reason not to expose the WebUI to WAN.
The posted vulnerabilities can only be exploited when WebUI is allowed. In most cases this is from the LAN side.

 

[Xentrk]

Last Friday, the fitness center I go to was having internet issues. I volunteered to help them out. After my work out, it was up and running again. But being curious, I went to 192.168.1.1 and saw the router management login page. Next to the user and password field it listed the default userid and password as admin. So, I logged on with those credentials and sure enough, I was in. I told them about it and will follow-up with them to make sure they change it to something else. Ouch!

 

[Nullity]

Just another reason not to expose the WebUI to WAN.
The posted vulnerabilities can only be exploited when WebUI is allowed. In most cases this is from the LAN side.

How is CSRF related to exposing the WebUI to the WAN?

CSRF happens through the web-browser of an already logged-in WAN/LAN/whatever WebUI user. Disabling WAN access of the WebUI doesn't stop CSRF.

 

[thelonelycoder]

How is CSRF related to exposing the WebUI to the WAN?

CSRF happens through the web-browser of an already logged-in WAN/LAN/whatever WebUI user. Disabling WAN access of the WebUI doesn't stop CSRF.

As I said, just another reason not to expose it.
Which side of the router would you rather be if it happened to you?

 

[ColinTaylor]

@AimDev Yes we know. You're at least the 3rd person to post about this.

Solution: Change the default password and apply the most recent firmware.

 

[RMerlin]

Those are already patched in 3.0.0.4.380_7378 and 380.66.