Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Severe Vulnerabilities Allow Hacking of Asus Gaming Router

Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.

A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.

Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.

A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.

Last year, Cisco’s Talos researchers identified three critical- and high-severity security defects that could be exploited to bypass authentication, leak information, or cause a denial-of-service (DoS) condition on a vulnerable RT-AX82U router.

The most severe of these bugs is CVE-2022-35401 (CVSS score of 9.0), an authentication bypass exploitable via a series of crafted HTTP requests. An attacker could exploit the vulnerability to gain full administrative access to a vulnerable device.

The issue, Talos explains, resides in the remote administration functionality of the router, which essentially allows users to manage it just like any other Internet of Things (IoT) device.

To enable the capability, a user would need to turn on WAN access for the HTTPS server, and then generate an access code that allows them to link the router with either Amazon Alexa or IFTTT.

The token allows a remote website to connect to an endpoint on the device, which verifies that the code has been received within 2 minutes after being generated, and that it matches a token in the router’s NVRAM.

What Talos discovered was that the token’s generation algorithm was prone to brute force attacks, as the router supported only 255 possible codes, and that the token’s creation time check was also flawed, because it was based on device uptime.

The remaining two vulnerabilities CVE-2022-38105 and CVE-2022-38393 are two high-severity bugs impacting router functionality allowing for a mesh network setup.

The first of them allows an attacker to send crafted network packets to trigger repeated out-of-bounds errors and leak data such as thread stack addresses.

Also exploitable using crafted network packets, the second issue exists because a check is missing from a function verifying specific input packets, allowing an attacker to trigger an underflow and cause a system crash.

The three vulnerabilities were identified in Asus RT-AX82U firmware version 3.0.0.4.386_49674-ge182230 and were reported to the vendor in August. Users are advised to update their devices to the latest firmware release, which addresses all three bugs.

Related: Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches

Related: 10 Vulnerabilities Found in Widely Used Robustel Industrial Routers

Related: Millions of Routers Impacted by NetUSB Kernel Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.