# Exploit Title: asus router FTP Auth bypass
# Google Dork: N/A
# Date: 28-03-2014
# Exploit Author: Santhosh Kumar
# Vendor Homepage: http://www.asus.com
# Software Link: http://www.asus.com/Networking/RTN56U
# Version: All versions
# Tested on: windows 8.1,windows 7 , ubuntu , debian
FTP service on the asus router allows anonymous when executed on passive mode it can allow viewing of the external hard drive connected to the device.
************************SHODAN SEARCH*********************************
ASUS RT-N10U or RT-N10U -- Returned 14173 for RT-N10U
ASUS RT-N56U or RT-N56U -- Returned 18501 for ASUS RT-N56U
ASUS DSL-N55U ---- Returned 20286 for ASUS DSL-N55U
ASUS RT-AC66U ----- 32721 for RT-AC66U
ASUS RT-N15U ------ 4865 for RT-N15U
ASUS RT-N53 ------ 5600 for RT-N53 (many false positives)
***********************************************************************
usage
ftp <vulnerable ip>
Login : anonymous
password:[email protected]
i have taken a Swedish ISP router for POC
IP ADDRESS
POC 1 : http://i.imgur.com/hsOdcjI.jpg
Screenshot of the Login:
Poc2 : http://i.imgur.com/FHPNJC2.jpg
Uploading of the test file directly to the hard drive
poc3:http://i.imgur.com/9n9wosu.jpg
*********************************************************************
Possible Fix
DIsable the FTP option till the vendor assures patch on the firmware or Disable Anonymous login.
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation