ASUS Home Router Bugs Open Consumers to Snooping Attacks

2020-07-23 16:04

A pair of flaws in ASUS routers for the home could allow an attacker to compromise the devices - and eavesdrop on all of the traffic and data that flows through them.

The bugs are specifically found in the RT-AC1900P whole-home Wi-Fi model, within the router's firmware update functionality.

The router uses GNU Wget to fetch firmware updates from ASUS servers.

In vulnerable versions of the router, the files containing that string are shell scripts that perform downloads from the ASUS update servers, according to Trustwave's advisory, issued on Thursday.

An attacker would need to be connected to the vulnerable router to perform a man in the middle attack, which would allow that person complete access to all traffic going through the device.

News URL

https://threatpost.com/asus-home-router-bugs-snooping-attacks/157682/

#asus #attack #router

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Asus		441	1	85	118	37	241