Security News > 2020 > July > ASUS Home Router Bugs Open Consumers to Snooping Attacks

ASUS Home Router Bugs Open Consumers to Snooping Attacks
2020-07-23 16:04

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices - and eavesdrop on all of the traffic and data that flows through them.

The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router's firmware update functionality.

The router uses GNU Wget to fetch firmware updates from ASUS servers.

In vulnerable versions of the router, the files containing that string are shell scripts that perform downloads from the ASUS update servers, according to Trustwave's advisory, issued on Thursday.

An attacker would need to be connected to the vulnerable router to perform a man in the middle attack, which would allow that person complete access to all traffic going through the device.


News URL

https://threatpost.com/asus-home-router-bugs-snooping-attacks/157682/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Asus 438 1 80 104 35 220