
List:       full-disclosure
Subject:    Re: [FD] SSD Advisory – Hack2Win – Asus Una
From:       Pedro Ribeiro <pedrib () gmail ! com>
Date:       2018-01-26 8:33:20
Message-ID: CAEDdjHcQbjNcVpz_t=GHE5_Eaq0=DpH3BOY3zD1t6kkdecnwXw () mail ! gmail ! com

On 22 January 2018 at 19:00, Maor Shwartz <maors@beyondsecurity.com> wrote:

> SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution
>
> Full report: https://blogs.securiteam.com/index.php/archives/3589
> Twitter: @SecuriTeam_SSD
> Weibo: SecuriTeam_SSD
>
> Vulnerabilities Summary
> The following advisory describes two (2) vulnerabilities found in AsusWRT
> Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to
> LAN remote command execution on any Asus router.
>
> AsusWRT is "THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT
> graphical user interface gives you easy access to the 30-second, 3-step
> web-based installation process. It's also where you can configure AiCloud
> 2.0 and all advanced options. ASUSWRT is web-based, so it doesn't need a
> separate app, or restrict what you can change via mobile devices — you get
> full access to everything, from any device that can run a web browser"
>
> The vulnerabilities found are:
>
> Access bypass
> Configuration manipulation
>
> Credit
> An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com),
> has reported this vulnerability to Beyond Security's SecuriTeam Secure
> Disclosure program.
>
> Vendor response
> Asus were informed of the vulnerabilities and released patches to address
> them (version 3.0.0.4.384_10007).
>
> For more details:
> https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
>
>
Just to add that MITRE has provided CVEs for the issues found:

Access bypass: CVE-2018-5999
Configuration manipulation: CVE-2018-6000

Thanks again to SecuriTeam for helping with the disclosure.

Advisory links have been updated:
https://blogs.securiteam.com/index.php/archives/3589
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/asuswrt-lan-rce.txt

Regards,
Pedro

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/