nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

ASUS router vulns patched

By Team Register, 28 Apr 2016

Unauthenticated users can rip unsalted passwords from Asus routers.

Critically the pwning of the high-end consumer routers requires users to enable anonymous access to FTP servers.

Users can thanks to insecure default configuration access all sensitive parts of the system without the possibility of restrictions being implemented including unsalted passwords

Hackers at BAE Systems say some 13 ASUS routers are assumed to be affected with the tri-band AC3200 model confirmed.

Patches are available and a proof of concept to steal root passwords and spawn a shell has been published.

The Register - Independent news and views for the tech community. Part of Situation Publishing