ASUS routers: Any local user can become an administrator


Its routers ASUS contain a vulnerability that turns users into admins, according to security researcher Joshua Drake.ASUS Routers

The routers could be exploited by malicious local users, but not by those in the wider internet. After a malicious user's intervention, the router could send network users who use it on malicious websites.

Drake says to a publication that many popular models such as RT-N66 and RT-AC66U are affected.

"Currently, all known versions of the firmware used in these routers are considered vulnerable," Drake said.
[tweet_embed id = 552292584450969600]

The code that allows executing commands is found in the infosvr service, which runs as root and is listened to the UDP port 9999. The service is designed, as reported by Drake, to simplify router settings by locating local routers.

Administrators should remove infosvr remote command execution or close the service from their firewall as their local area network passwords are not secure.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news