Asus patches dangerous vulnerability in router firmware
Asus has released new firmware for a number of routers, with or without an integrated dsl modem. These patches are supposed to close a dangerous leak, where an attacker can gain full admin rights via the local network.
The updates have been released by Asus for the DSL-AC68U, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC87U, RT-N56U, and RT-N66U. Asus has also made updates to the alternate Merlin firmware available. With the firmware updates, Asus closes a leak that was published on GitHub earlier this month. Exploit code has also appeared online.
The bug is present in the so-called infosvr service. This scans the local network for other routers. In the vulnerable firmware versions, infosvr runs with full root privileges. In addition, a bug in the service allows an attacker to gain full admin rights via a UDP broadcast on port 9999, after which the settings can be changed.
Although the vulnerability can only be exploited via the local network, and therefore not via the Internet, obtaining full admin rights by an attacker is risky if the router is used, for example, to offer public hotspots. For router models that have not yet been updated, there are a number of workarounds available. For example, the service can be disabled manually and the firewall can block port 9999.