Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers.
A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports remote management and monitoring.
Last year, Cisco’s Talos researchers identified three critical- and high-severity security defects that could be exploited to bypass authentication, leak information, or cause a denial-of-service (DoS) condition on a vulnerable RT-AX82U router.
The most severe of these bugs is CVE-2022-35401 (CVSS score of 9.0), an authentication bypass exploitable via a series of crafted HTTP requests. An attacker could exploit the vulnerability to gain full administrative access to a vulnerable device.
The issue, Talos explains, resides in the remote administration functionality of the router, which essentially allows users to manage it just like any other Internet of Things (IoT) device.
To enable the capability, a user would need to turn on WAN access for the HTTPS server, and then generate an access code that allows them to link the router with either Amazon Alexa or IFTTT.
The token allows a remote website to connect to an endpoint on the device, which verifies that the code has been received within 2 minutes after being generated, and that it matches a token in the router’s NVRAM.
What Talos discovered was that the token’s generation algorithm was prone to brute force attacks, as the router supported only 255 possible codes, and that the token’s creation time check was also flawed, because it was based on device uptime.
The remaining two vulnerabilities CVE-2022-38105 and CVE-2022-38393 are two high-severity bugs impacting router functionality allowing for a mesh network setup.
The first of them allows an attacker to send crafted network packets to trigger repeated out-of-bounds errors and leak data such as thread stack addresses.
Also exploitable using crafted network packets, the second issue exists because a check is missing from a function verifying specific input packets, allowing an attacker to trigger an underflow and cause a system crash.
The three vulnerabilities were identified in Asus RT-AX82U firmware version 184.108.40.206.386_49674-ge182230 and were reported to the vendor in August. Users are advised to update their devices to the latest firmware release, which addresses all three bugs.