A researcher has discovered a security hole in the firmware of several wireless Asus router models which could be exploited by an attacker to gain complete control of the network and use it to mount other attacks from this vantage point.
Luckily, the vulnerability (CVE-2014-9583) can’t be exploited by remote attackers: the attacker has to be on the local network. Nevertheless, it presents a serious problem for those who run public access Wi-Fi networks or those who don’t trust the people who are allowed to connect to their private one.
“Several models of ASUS’s routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN interface. It’s used by one of Asus’s tools to ease router configuration by automatically locating routers on the local subnet. This service runs with root privileges and contains an unauthenticated command execution vulnerability,” explained researcher Joshua Drake.
“Currently, all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable.”
He shared a working exploit of the flaw, but also linked to a few workarounds that can help users protect themselves until a firmware update plugging the hole is made available. One of these includes disabling the infosvr service after each device reboot.
While waiting for Asus to react, users can also try out the latest version (v.376.49_5) of Asuswrt-Merlin, a custom firmware for Asus routers, in which the issue in question has already been fixed.
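
Because the workaround has to be repeated after each reboot, it is worth confirming that nothing is listening on UDP port 9999 afterwards. The following check is an added example, not part of the original article or the researcher's advisory; the function name, the constructed sample listings, and the availability of a `netstat` that accepts `-lnup` with net-tools-style columns are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Assumed column layout of `netstat -lnup`:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address [State] PID/Program
# Live use on the device:  netstat -lnup | find_infosvr_listener

# Reads a netstat listing on stdin and prints "<local address> <pid/program>"
# for every UDP socket bound to port 9999. Exit status: 0 = found, 1 = none.
find_infosvr_listener() {
    awk '
        $1 ~ /^udp/ {
            port = $4
            sub(/^.*:/, "", port)   # keep text after the last colon (handles :::9999)
            if (port == "9999") {
                print $4, $NF       # $NF is PID/Program, or "-" when not visible
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample listings (not captured from a real router).
# The TCP socket on 9999 is there to show that only UDP is reported.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:9999     0.0.0.0:*        LISTEN   312/otherd
udp        0      0 0.0.0.0:53       0.0.0.0:*                 401/dnsmasq
udp        0      0 0.0.0.0:9999     0.0.0.0:*                 345/infosvr'

SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:9999     0.0.0.0:*        LISTEN   312/otherd
udp        0      0 0.0.0.0:53       0.0.0.0:*                 401/dnsmasq'

# Demo run on the constructed "before" listing.
if printf '%s\n' "$SAMPLE_BEFORE" | find_infosvr_listener; then
    echo "UDP 9999 still has a listener: the workaround is not in effect"
fi
```

Run from a boot-time script after the step that disables infosvr, a non-zero exit status confirms the listener is gone.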