JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery

2015-01-27T00:00:00
ID JVN:32631078
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-06-17T00:00:00

Description

## Description

Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability.

## Impact

If a user views a malicious page while logged in, unintended operations may be conducted.

In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#77792759, an arbitrary OS command may be executed.

## Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

## Products Affected

  • RT-AC87U Firmware versions prior to 3.0.0.4.378.6065
  • RT-AC68U Firmware versions prior to 3.0.0.4.378.6152
  • RT-AC56S Firmware versions prior to 3.0.0.4.378.6065
  • RT-N66U Firmware versions prior to 3.0.0.4.378.6065
  • RT-N56U Firmware versions prior to 3.0.0.4.378.6065 [Added on June 17, 2015]
    Note that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released.