Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ASUS RT Password Disclosure

🗓️ 17 Apr 2014 00:00:00Reported by David LongeneckerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 38 Views

ASUS RT series routers expose admin username and password in clear tex

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Asus RT Password Disclosure Vulnerability
19 Apr 201400:00
zdt
CVE		CVE-2014-2719
21 Apr 201414:00
cve
Cvelist		CVE-2014-2719
21 Apr 201414:00
cvelist
EUVD		EUVD-2014-2747
7 Oct 202500:30
euvd
NVD		CVE-2014-2719
22 Apr 201413:06
nvd
Prion		Code injection
22 Apr 201413:06
prion
`http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html  
  
  
In mid February, I wrote that a substantial portion of ASUS wireless  
routers would fail to update their firmware. In fact, the "check for  
update" function would inform the administrator that the router was fully  
up-to-date, even though it was not. ASUS was very quick to fix this. In  
analyzing that issue though, I saw some things that looked like potential  
avenues of exploit.  
  
  
The Web GUI for the ASUS RT- series of routers exposes the administrator  
username and password in clear text. This is true for  
the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R,  
RT-N66U, RT-N56R, RT-N56U models. I have not tested but suspect the same is  
true of RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same  
firmware base but a different sub-version. This is CVE-2014-2719.  
  
  
If the administrator is logged in, an attacker can browse to  
<router_address>/Advanced_System_Content.asp and obtain the username and  
password. Another researcher demonstrated a way to access the router  
via embedded images in an email message 18 months ago; that combined with  
this would gain an attacker easy administrative access.  
  
  
Compounding the problem, the admin login does not have a session timeout.  
Thus, if the administrator logged in (such as when first configuring the  
router, or subsequently installing an update) and does  
not intentionally logout, the session remains live and can be exploited as  
described above, even if the administrator no longer has a window open on  
the router.  
  
  
Firmware 3.0.0.4.374.5517 fixes both of these issues. The new code no  
longer shows the current password to users, and there is a new option to  
automatically logout after a set period of time. By default, the router  
will now log the administrator account out after 30 minutes; you can set  
this anywhere from 10 minutes to 999 minutes, or disable the feature if you  
prefer to stay logged in indefinitely.  
  
--   
Regards,  
David Longenecker  
  
Connect: Security Blog <http://dnlongen.blogspot.com> | Security  
Twitter<https://www.twitter.com/dnlongen> |  
Awana Twitter <https://www.twitter.com/dstx_awana> |  
LinkedIn<https://www.linkedin.com/in/dnlongen/>  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Apr 2014 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00309
asusrouterspassword disclosurefirmware updateweb guicve-2014-2719
38