Its routers ASUS contain a vulnerability that turns users into admins, according to security researcher Joshua Drake.
Routers could be exploited by malicious local users, but not by those on the wider network.network. After the intervention of the malicious user the router could send the network users using it to malicious websites.
Drake says to a publication that many popular models such as RT-N66 and RT-AC66U are affected.
“Currently, all known firmware versions that useson these routers are considered vulnerable," said Drake.
[tweet_embed id = 552292584450969600]
The mistake codeς που επιτρέπει την εκτέλεση εντολών βρίσκεται στην υπηρεσία infosvr, που τρέχει σαν root και είναι listened στην UDP θύρα 9999. Η υπηρεσία έχει σχεδιαστεί, όπως αναφέρει ο Drake, για να απλοποιήσει τις settings of the router by locating local routers.
Admins should remove infosvr remoting or shutdown the service from the firewall protectionsince their local area network passwords are not secure.