JVN#77792759: Multiple ASUS wireless LAN routers vulnerable to OS command injection

2015-01-27T00:00:00
ID JVN:77792759
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-06-17T00:00:00

Description

## Description

Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.

## Impact

An arbitrary OS command may be executed by an authenticated attacker.

In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page.

## Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

## Products Affected

  • RT-AC87U Firmware versions prior to 3.0.0.4.378.6065
  • RT-AC68U Firmware versions prior to 3.0.0.4.378.6152
  • RT-AC56S Firmware versions prior to 3.0.0.4.378.6065
  • RT-N66U Firmware versions prior to 3.0.0.4.378.6065
  • RT-N56U Firmware versions prior to 3.0.0.4.378.6065 [Added on June 17, 2015]
    Note that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released.