Reporter Japan Vulnerability Notes
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability.
An arbitrary OS command may be executed by an authenticated attacker.
In addition, when this vulnerability is exploited along with the vulnerability stated in JVN#32631078, an arbitrary OS command may be executed if a logged in user views a malicious page.
Update the Firmware
Apply the appropriate firmware update provided by the developer.
## Products Affected
- RT-AC87U Firmware versions prior to 18.104.22.168.378.6065
- RT-AC68U Firmware versions prior to 22.214.171.124.378.6152
- RT-AC56S Firmware versions prior to 126.96.36.199.378.6065
- RT-N66U Firmware versions prior to 188.8.131.52.378.6065
- RT-N56U Firmware versions prior to 184.108.40.206.378.6065
[Added on June 17, 2015]
Note that the firmware versions released on January 12, 2015 did not address the vulnerability completely. Newer firmware versions have been released.