• Home
  • News
  • Newly Found Vulnerability Makes ASUS Routers an Easy Target

Newly Found Vulnerability Makes ASUS Routers an Easy Target

According to a security researcher named Joshua Drake, ASUS routers have a vulnerability which allows hackers to take control over them. The good news is that this exploit can only be used from within the network or with the help of an already compromised PC that is connected to the router. Drake's announcement came immediately after someone else discovered the problem and published an exploit for it.

If you're wondering why someone would want to compromise your router instead of your computer, I will give you a few reasons. For starters, the router will give the hacker access to all the connected PCs and not just to a single one. What's even better for the attacker is that a compromised router is almost impossible to spot since there are no antivirus programs capable of scanning these devices. Once the router is compromised, the cyber criminal can intercept and modify the data you send and receive from the Internet or use DNS hijacking techniques to misrepresent legitimate websites.

The vulnerability is related to a tool named Asus Wireless Router Device Discovery Utility and more specifically to a service called infosvr which runs (with root privileges) on ASUS routers by default. Infosrv's purpose is to listen to packets sent to the router's LAN interface through the 9999 UDP port. So far, the engineers from ASUS don't have a fix for this problem, but the are a couple of ways for you to work around the issue.

The simplest way is to use Telnet to connect to your router and, once there, type this command: iptables -I INPUT -p udp —dport 9999 -j DROP which will create a Firewall rule that blocks the 9999 port. I don't have an ASUS router, so I can't tell you if it works, but I saw a few people claiming that it didn't. Furthermore, this rule isn't permanent so you will have to retype it every time you reboot. Another fix is to use firmware called Asuswrt-Merlin and update it to its 376.49_5 version. Before you do this, you should understand exactly all the risks associated with installing custom firmware and the fact that this action will most likely nullify your warranty.

Comments