Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Asus Patches Firmware Security Vulnerability

It is not uncommon for vendors to give security advisories. This time however, it appears a hacker gave at least one victim an unexpected heads up.

According to Ars Technica, a user of an Asus router uncovered a text file on his external hard drive. The message read as follows: “This is an automated message being sent out to everyone effected. Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.”

It is not uncommon for vendors to give security advisories. This time however, it appears a hacker gave at least one victim an unexpected heads up.

According to Ars Technica, a user of an Asus router uncovered a text file on his external hard drive. The message read as follows: “This is an automated message being sent out to everyone effected. Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.”

The note also instructed the user to read information on how to protect against the attack, which took advantage of a vulnerability uncovered last year by researcher Kyle Lovett. According to Lovett, the issue allows hackers to “traverse to any external storage plugged in through the USB ports on the back of the router.”

Asus did not respond to a request for comment on the issue. However, Softpedia reported that the vulnerability was addressed last week in a firmware update by Asus.

Earlier this month, a list of nearly 13,000 IP addresses reportedly tied to the vulnerable routers was posted on the Internet. The list contained the names of files stored on the hard drives of impacted users have been published as well.

The list of impacted routers includes RT-N66U, RT-N66R, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, RT-N16R, RT-AC66R and RT-AC66U. More information about the updates for each model can be found here.

Just recently, researchers at the SANS Institute warned about a worm exploiting a vulnerability in several Linksys routers. The worm, dubbed ‘TheMoon’, takes advantage of a flaw that has since been patched by Linksys. Users are advised to apply the relevant updates.

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.