BIG WARNING TO ALL USERS OF ASUS ROUTERS

This is a warning for a severe security issue with many Asus Routers.

Almost all RT-Axx and RT-Nxx routers and probably more have a directory traversal issue.

By just adding the parameter /tmp/lighttpd/permissions to the IP address or url of the router, the password file can be downloaded which contains all usernames and passwords of all users, including the administrator.

Even more worse, it is possible to execute any executable on the router or even upload or modify additional executable or files.

Asus is aware about this since June. There is no update available yet and even not a warning on their website.

This issue is so severe because those routers are quite easy to find e.g. by using the included shodan tool and by searching for asuscomm.com which is the suffix of the dynamic domain which will be created by Asus AiCloud service.

More worse and even another implementation flaw of Asus, by searching for this term, hackers will automatically know the first part of the dynamic dns entry (the part in front of asuscomm.com) which means that all routers that are being found by shodan can still be compromised even if the IP address has been changed meanwhile.

As there is no security update available yet, ALL those routers and ALL FILES in Asus AiCloud can be accessed as if there would be no password protection at all.
A single Search for such routers in Chicago returned 171 AiCloud devices and Berlin 130.

Scary!

Recommendations:

– Ideally, replace all Asus devices

If that’s not feasible :

– Switch off all AiCloud services (there are actually three) on your router
– Disable all UPnP services (which is even good for all other situations)
– Disable remote access
– Change all username and passwords

Stay tuned,

Marcus