Full Disclosure mailing list archives
Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
From: Pedro Ribeiro <pedrib () gmail com>
Date: Fri, 26 Jan 2018 15:33:20 +0700
On 22 January 2018 at 19:00, Maor Shwartz <maors () beyondsecurity com> wrote:
SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3589 Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also where you can configure AiCloud 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a separate app, or restrict what you can change via mobile devices — you get full access to everything, from any device that can run a web browser” The vulnerabilities found are: Access bypass Configuration manipulation Credit An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response Asus were informed of the vulnerabilities and released patches to address them (version 3.0.0.4.384_10007). For more details: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
Just to add that MITRE has provided CVE for the issues found: Access bypass: CVE-2018-5999 Configuration manipulation: CVE-2018-6000 Thanks again to SecuriTeam for helping with the disclosure. Advisory links have been updated: https://blogs.securiteam.com/index.php/archives/3589 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt Regards, Pedro _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Maor Shwartz (Jan 23)
- Re: [FD] SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Pedro Ribeiro (Jan 26)