On 22 January 2018 at 19:00, Maor Shwartz <[email protected]> wrote:
> SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
>
> Full report: https://blogs.securiteam.com/index.php/archives/3589
> Twitter: @SecuriTeam_SSD
> Weibo: SecuriTeam_SSD
>
> Vulnerabilities Summary
> The following advisory describes two (2) vulnerabilities found in AsusWRT
> Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to
> LAN remote command execution on any Asus router.
>
> AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT
> graphical user interface gives you easy access to the 30-second, 3-step
> web-based installation process. It’s also where you can configure AiCloud
> 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a
> separate app, or restrict what you can change via mobile devices — you get
> full access to everything, from any device that can run a web browser”
>
> The vulnerabilities found are:
>
> Access bypass
> Configuration manipulation
>
> Credit
> An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com),
> has reported this vulnerability to Beyond Security’s SecuriTeam Secure
> Disclosure program.
>
> Vendor response
> Asus were informed of the vulnerabilities and released patches to address
> them (version 3.0.0.4.384_10007).
>
> For more details:
> https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
>

Just to add that MITRE has provided CVE for the issues found:
Access bypass: CVE-2018-5999
Configuration manipulation: CVE-2018-6000

Thanks again to SecuriTeam for helping with the disclosure. Advisory links have been updated:
https://blogs.securiteam.com/index.php/archives/3589
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt

Regards,
Pedro

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
