News

Asus patches dangerous vulnerability in router firmware

By admin
Spread the love

Asus has released new firmware for a number of routers, with or without an integrated dsl modem. These patches are supposed to close a dangerous leak, where an attacker can gain full admin rights via the local network.

The updates have been released by Asus for the DSL-AC68U, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC87U, RT-N56U, and RT-N66U. Asus has also made updates to the alternate Merlin firmware available. With the firmware updates, Asus closes a leak that was published on GitHub earlier this month. Exploit code has also appeared online.

The bug is present in the so-called infosvr service. This scans the local network for other routers. In the vulnerable firmware versions, infosvr runs with full root privileges. In addition, a bug in the service allows an attacker to gain full admin rights via a UDP broadcast on port 9999, after which the settings can be changed.

Although the vulnerability can only be exploited via the local network, and therefore not via the Internet, obtaining full admin rights by an attacker is risky if the router is used, for example, to offer public hotspots. For router models that have not yet been updated, there are a number of workarounds available. For example, the service can be disabled manually and the firewall can block port 9999.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

ASUS will produce and support NUC mini PCs after Intel exit

News

Xbox Community CEO Larry ‘Major Nelson’ Hryb is leaving Microsoft after…

News

GitHub enables passwordless login via passkeys in beta

News

Aya Neo Introduces Slim Air 1S and Air 1S Ultra Handhelds with AMD Zen 4 APU

Exit mobile version