Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Design Flaw Exposes ASUS Routers to Remote Attacks

A security researcher discovered that some SOHO routers from ASUS can be accessed from the Internet even if the WAN access feature is disabled. The vendor has prepared a firmware update to address the issue.

A security researcher discovered that some SOHO routers from ASUS can be accessed from the Internet even if the WAN access feature is disabled. The vendor has prepared a firmware update to address the issue.

David Longenecker noticed last month that ASUS routers running ASUSWRT firmware (models with RT- in their name) can be accessed remotely from the Web even if the “Enable Web Access from WAN” feature is disabled. The only condition is that the device’s firewall feature is not enabled.

According to the expert, if the “Enable Firewall” option is set to “no,” it overrides the remote access setting that should ensure a router cannot be accessed from the Internet.

This allows a hacker who knows the targeted user’s IP address to remotely access the router. Then, they only need to figure out the password to the administration interface and they can completely compromise the device. As experts often pointed out, many users set weak passwords on their routers or don’t even bother changing the one assigned by default.

By default, WAN access is disabled and the firewall is enabled, but some users might disable the firewall thinking that unauthorized parties should not be able to access their router’s interface from the Internet with the remote management feature turned off.

Using Shodan, Longenecker identified roughly 122,000 ASUS routers with a publicly accessible HTTP service. The expert also discovered 15,000 devices with an accessible HTTPS service.

Advertisement. Scroll to continue reading.

“I would expect most administrators that took the time to restrict access to HTTPS, also took the time to restrict such access to only local devices. In other words, 15,000 people made an effort to secure their routers, and yet could still be pwned from an Internet attacker,” the researcher explained on his blog.

An analysis of the most recent version of the firmware (3.0.0.378.9460) revealed that the issue is caused by a design flaw in the iptables rules used to manage access to the router, namely the lack of a rule covering external access to the device’s web interface. When the firewall is enabled, access to the interface is not blocked specifically, but all connections that are not covered in the defined rules are dropped.

Longenecker told SecurityWeek that he reported the flaw to ASUS on January 20 and received a response from the vendor within 24 hours. By January 25, the company had already sent him a beta version of the firmware designed to patch the bug.

SecurityWeek has reached out to ASUS for information regarding the general availability of the firmware, but the company has not responded by the time of publication. Until the update becomes available, users can protect themselves against potential attacks by ensuring that the firewall is enabled.

This was not the first time Longenecker reported vulnerabilities to ASUS. The expert identified 5-6 issues over the past years, including a vulnerability in the firmware update process of wireless routers, and said the vendor was very responsive to all his reports.

Related: Tens of Thousands of Routers, IP Cams Infected by Vigilante Malware

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Sherrod DeGrippo has been appointed Head of Threat Intelligence for Palo Alto Networks Unit 42.

Christopher Porter has joined Booz Allen Hamilton as Global Chief Information Security Officer.

Yael Ben Arie has joined exposure validation company Pentera as Chief Product Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.