#AsusGate : Vulnerability in certain ASUS routers

This isn’t new but has recently surfaced because of a hacker group’s posting of almost 13,000 IP addresses of Asus router owners suffering from this vulnerability. Asus took very long to fix the bug and had made no effort to tell customers to update their firmware to apply the fix. 

According to security researcher Kyle Lovett, the following Asus router models are vulnerable. (Unless you have already updated your router firmware)

  • RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router
  • RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router
  • RT-N66R Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch
  • RT-N66U Dual-Band Wireless-N900 Gigabit Router
  • RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56R Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56U Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N14U Wireless-N300 Cloud Router
  • RT-N16 Wireless-N300 Gigabit Router
  • RT-N16R Wireless-N300 Gigabit Router

If you suspect that you are affected, quickly disconnect all USB storages from the router, disable AiCloud as per the screenshot below and contact Asus for assistance.

Asus Customer Product Support
Tel: 6636 9163

Operating hours:
Mon~Fri: 09:30-17:30
Sat: 09:30-12.30
Closed on Sunday and Public Holiday.

 

Sources and references: 

– http://news.cnet.com/8301-1009_3-57619079-83/asus-router-vulnerabilities-go-unfixed-despite-reports/

– http://www.securityfocus.com/archive/1/526942

– http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-expl

– http://seclists.org/bugtraq/2013/Jul/87

– http://nullfluid.com/asusgate.txt

Comments

comments

Leave a Reply