Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Design Flaw Exposes ASUS Routers to Remote Attacks

A security researcher discovered that some SOHO routers from ASUS can be accessed from the Internet even if the WAN access feature is disabled. The vendor has prepared a firmware update to address the issue.

A security researcher discovered that some SOHO routers from ASUS can be accessed from the Internet even if the WAN access feature is disabled. The vendor has prepared a firmware update to address the issue.

David Longenecker noticed last month that ASUS routers running ASUSWRT firmware (models with RT- in their name) can be accessed remotely from the Web even if the “Enable Web Access from WAN” feature is disabled. The only condition is that the device’s firewall feature is not enabled.

According to the expert, if the “Enable Firewall” option is set to “no,” it overrides the remote access setting that should ensure a router cannot be accessed from the Internet.

This allows a hacker who knows the targeted user’s IP address to remotely access the router. Then, they only need to figure out the password to the administration interface and they can completely compromise the device. As experts often pointed out, many users set weak passwords on their routers or don’t even bother changing the one assigned by default.

By default, WAN access is disabled and the firewall is enabled, but some users might disable the firewall thinking that unauthorized parties should not be able to access their router’s interface from the Internet with the remote management feature turned off.

Using Shodan, Longenecker identified roughly 122,000 ASUS routers with a publicly accessible HTTP service. The expert also discovered 15,000 devices with an accessible HTTPS service.

“I would expect most administrators that took the time to restrict access to HTTPS, also took the time to restrict such access to only local devices. In other words, 15,000 people made an effort to secure their routers, and yet could still be pwned from an Internet attacker,” the researcher explained on his blog.

An analysis of the most recent version of the firmware ( revealed that the issue is caused by a design flaw in the iptables rules used to manage access to the router, namely the lack of a rule covering external access to the device’s web interface. When the firewall is enabled, access to the interface is not blocked specifically, but all connections that are not covered in the defined rules are dropped.

Longenecker told SecurityWeek that he reported the flaw to ASUS on January 20 and received a response from the vendor within 24 hours. By January 25, the company had already sent him a beta version of the firmware designed to patch the bug.

SecurityWeek has reached out to ASUS for information regarding the general availability of the firmware, but the company has not responded by the time of publication. Until the update becomes available, users can protect themselves against potential attacks by ensuring that the firewall is enabled.

This was not the first time Longenecker reported vulnerabilities to ASUS. The expert identified 5-6 issues over the past years, including a vulnerability in the firmware update process of wireless routers, and said the vendor was very responsive to all his reports.

Related: Tens of Thousands of Routers, IP Cams Infected by Vigilante Malware

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...