0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Asus RT Password Disclosure Vulnerability
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
In mid February, I wrote that a substantial portion of ASUS wireless routers would fail to update their firmware. In fact, the "check for update" function would inform the administrator that the router was fully up-to-date, even though it was not. ASUS was very quick to fix this. In analyzing that issue though, I saw some things that looked like potential avenues of exploit. The Web GUI for the ASUS RT- series of routers exposes the administrator username and password in clear text. This is true for the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U models. I have not tested but suspect the same is true of RT-N53, RT-N14U, RT-N16, and RT-N16R since they use the same firmware base but a different sub-version. This is CVE-2014-2719. If the administrator is logged in, an attacker can browse to <router_address>/Advanced_System_Content.asp and obtain the username and password. Another researcher demonstrated a way to access the router via embedded images in an email message 18 months ago; that combined with this would gain an attacker easy administrative access. Compounding the problem, the admin login does not have a session timeout. Thus, if the administrator logged in (such as when first configuring the router, or subsequently installing an update) and does not intentionally logout, the session remains live and can be exploited as described above, even if the administrator no longer has a window open on the router. Firmware 3.0.0.4.374.5517 fixes both of these issues. The new code no longer shows the current password to users, and there is a new option to automatically logout after a set period of time. By default, the router will now log the administrator account out after 30 minutes; you can set this anywhere from 10 minutes to 999 minutes, or disable the feature if you prefer to stay logged in indefinitely. # 0day.today [2024-12-25] #