CYBER NEWS

CVE-2017-5891, CVE-2017-5892 Found in Asus RT Wireless Routers

ASUS RT wireless router owners, beware! If you haven’t updated your router’s firmware, you should do it immediately. Nightwatch Cybersecurity researchers have found vulnerabilities, CVE-2017-5891 and CVE-2017-5892, in these routers.

The team has revealed the POC exploit code for the flaws in question, which affect at least 40 router models. Some of the vulnerabilities could be exploited quite easily by tricking users into visiting a malicious site or via malicious applications running on the same network.


More about CVE-2017-5891 and CVE-2017-5892

CVE-2017-5891: ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.

CVE-2017-5892: ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.

As you can see, the flaws are cross-site request forgery issues that could allow attackers to log in and alter router settings. The non-CSRF issues, on the other hand, could lead to information disclosure.

Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. One issue (JSONP information disclosure) remains unfixed since the vendor doesn’t consider it to be a security threat, the researchers explained.
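To triage an inventory against the firmware threshold and the caveats described above, here is an added example (not code from the researchers or from Asus). The status labels, the sample inventory and the acceptance of `_` or `-` as a separator before the build number are assumptions made for illustration; the 4G-AC55U entry reflects the no-patch note in the model list further down.

```python
import re

FIXED = (3, 0, 0, 4, 380, 7378)            # fixed firmware named in the article
NO_PATCH = {"4G-AC55U"}                    # listed as affected, no patch available
IN_SCOPE = re.compile(r"^RT-(AC|N)")       # CVE text: RT-AC* and RT-N* devices


def parse_version(text):
    """Turn '3.0.0.4.380.7378' or '3.0.0.4.380_7378' into a tuple of ints."""
    parts = re.split(r"[._-]", text.strip())   # separator handling is an assumption
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(model, firmware):
    """Classify one device using only the facts stated in the article."""
    model = model.strip().upper()
    if model in NO_PATCH:
        return "no-patch-available"
    if not IN_SCOPE.match(model):
        return "out-of-scope"
    # Tuples compare numerically per field, so build 10000 sorts after 7378;
    # a plain string comparison would get that wrong.
    if parse_version(firmware) < FIXED:
        return "vulnerable"                 # CSRF and JSONP issues both apply
    # CSRF fixed; the article says one JSONP disclosure issue remains unfixed
    return "patched-residual-jsonp"


# Constructed sample inventory (not real devices)
INVENTORY = [
    ("RT-AC68U", "3.0.0.4.380.4180"),
    ("RT-N66U", "3.0.0.4.380_7378"),
    ("RT-AC88U", "3.0.0.4.380.10000"),
    ("4G-AC55U", "3.0.0.4.380.7378"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:10} {fw:20} {triage(model, fw)}")
```

Devices reported as `patched-residual-jsonp` are no longer exposed to the CSRF issues but, per the researchers, can still disclose information through the remaining JSONP issue.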

Before announcing the issues to the public, the researchers notified the vendor.

Here is the list of affected ASUS routers; keep in mind that it may not be exhaustive:

  • 4G-AC55U – [ADDED 05/10/2017: As reported by a commenter below, 4G-AC55U is also affected but has no patches available]
  • RT-AC51U
  • RT-AC52U B1 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC53 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC53U
  • RT-AC55U
  • RT-AC56R
  • RT-AC56S
  • RT-AC56U
  • RT-AC66U
  • RT-AC68U
  • RT-AC68UF – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC66R
  • RT-AC66W
  • RT-AC68W
  • RT-AC68P
  • RT-AC68R
  • RT-AC87R
  • RT-AC87U
  • RT-AC88U – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1200 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1750 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-AC1900P
  • RT-AC3100
  • RT-AC3200
  • RT-AC5300
  • RT-N11P
  • RT-N12 (D1 version only)
  • RT-N12+
  • RT-N12E
  • RT-N16 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-N18U
  • RT-N56U
  • RT-N66R
  • RT-N66U (B1 version only)
  • RT-N66W
  • RT-N300 – [ADDED 05/10/2017 based on Asus Firmware updates]
  • RT-N600 – [ADDED 05/10/2017 based on Asus Firmware updates]
Milena Dimitrova
