CVE-2017-5891, CVE-2017-5892 Found in Asus RT Wireless Routers

ASUS RT wireless router owners, beware! If you haven’t updated your router’s firmware, you should do it immediately. Nightwatch Cybersecurity researchers have found vulnerabilities, CVE-2017-5891 and CVE-2017-5892, in these routers.

The team has released proof-of-concept (PoC) exploit code for the flaws in question, which affect at least 40 router models. Some of the vulnerabilities could be exploited quite easily by tricking users into visiting a malicious site or via malicious applications running on the same network.


More about CVE-2017-5891 and CVE-2017-5892

CVE-2017-5891: ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.

CVE-2017-5892: ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.

As the descriptions show, CVE-2017-5891 covers cross-site request forgery (CSRF) flaws that could allow attackers to log in and alter router settings. The non-CSRF issues, on the other hand, could lead to information disclosure.

Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. One issue (JSONP information disclosure) remains unfixed since the vendor doesn’t consider it to be a security threat, the researchers explained.

The researchers notified the vendor before disclosing the issues publicly.

Here is the list of affected routers; keep in mind that it may not be exhaustive:

  • 4G-AC55U – [ADDED 05/10/2017: As reported by a commenter below, 4G-AC55U is also affected but has no patches available]
  • RT-AC51U
  • RT-AC52U B1 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC53 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC53U
  • RT-AC55U
  • RT-AC56R
  • RT-AC56S
  • RT-AC56U
  • RT-AC66U
  • RT-AC68U
  • RT-AC68UF – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC66R
  • RT-AC66W
  • RT-AC68W
  • RT-AC68P
  • RT-AC68R
  • RT-AC87R
  • RT-AC87U
  • RT-AC88U – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1200 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1750 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1900P
  • RT-AC3100
  • RT-AC3200
  • RT-AC5300
  • RT-N11P
  • RT-N12 (D1 version only)
  • RT-N12+
  • RT-N12E
  • RT-N16 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-N18U
  • RT-N56U
  • RT-N66R
  • RT-N66U (B1 version only)
  • RT-N66W
  • RT-N300 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-N600 – [ADDED 05/10/2017 based on Asus Firmware updates]
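
For administrators checking a fleet against the firmware threshold and caveats above, here is an added example (not from the researchers or ASUS) that classifies inventory rows. The inventory rows, the status labels, and the acceptance of `_` as a version separator are assumptions; hardware-revision limits such as "B1 version only" are not modelled.

```python
import re

FIXED = (3, 0, 0, 4, 380, 7378)             # fixed firmware version stated in the article
MODEL_RE = re.compile(r"^RT-(AC|N)", re.I)  # CVE text scopes the flaws to RT-AC* and RT-N*
NO_PATCH = {"4G-AC55U"}                     # listed as affected with no patches available


def parse_version(text):
    """Turn '3.0.0.4.380.7378' or '3.0.0.4.380_7378' into a tuple of ints."""
    parts = re.split(r"[._-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(model, firmware):
    """Return (status, note) for one router from an inventory."""
    model = model.strip().upper()
    if model in NO_PATCH:
        return "exposed", "affected, no patched firmware listed"
    if not MODEL_RE.match(model):
        return "out-of-scope", "not an RT-AC*/RT-N* model"
    try:
        version = parse_version(firmware)
    except ValueError as exc:
        # An unreadable version is reported, never treated as patched.
        return "unknown", str(exc)
    if version < FIXED:
        return "exposed", "CSRF (CVE-2017-5891) and JSONP disclosure (CVE-2017-5892)"
    return "partial", "CSRF fixed; JSONP disclosure reported as still unfixed"


# Constructed inventory rows for illustration, not real devices.
INVENTORY = [
    ("RT-AC68U", "3.0.0.4.380.7378"),
    ("RT-N66U", "3.0.0.4.380_3831"),
    ("4G-AC55U", "3.0.0.4.380_7000"),
    ("RT-AC87U", "unknown"),
    ("DSL-N55U", "1.0.0.0"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        status, note = assess(model, fw)
        print(f"{model:10} {fw:18} {status:12} {note}")
```
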

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
