Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

ASUS Wireless Routers RT Series updates vulnerable to a Man in the Middle attack

The security expert David Longenecker discovered that the update process for ASUS Wireless Routers RT Series is vulnerable to Man-in-the-Middle attacks.  The security expert David Longenecker discovered that ASUS Wireless Routers RT Series are vulnerable to Man-in-the-Middle attacks. The researcher explained that that the routers download updates via HTTP without an encryption protocols as explained in the blog post by Longenecker. […]

ASUS Wireless Routers RT Series updates vulnerable to a Man in the Middle attack

The security expert David Longenecker discovered that the update process for ASUS Wireless Routers RT Series is vulnerable to Man-in-the-Middle attacks. 

The security expert David Longenecker discovered that ASUS Wireless Routers RT Series are vulnerable to Man-in-the-Middle attacks. The researcher explained that that the routers download updates via HTTP without an encryption protocols as explained in the blog post by Longenecker. An attacker could exploit the security issue to compromise the device, because the updates are not provided over a secure channel (i.e. Through HTTPS using the Transport Layer Security (TLS) protocol).

“Today I am disclosing one additional vulnerability, submitted as CVE-2014-2718. The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file. In short, the router downloads via clear-text a file from http://dlcdnet.asus.com, parses it to determine the latest firmware version, then downloads (again in the clear) a binary file matching that version number from the same web site.” explained Longenecker in the blog post.

“The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file,”  “Since the router downloads via HTTP instead of HTTPS, there is no way to validate that the server at the other end is in fact the ASUS server and not an impostor.”

According to the expert, the updating process for the ASUS Wireless Routers RT Series is insecure. The network device first downloads a clear-text file list containing the latest firmware builds, then it parses the downloaded file searching for a newer available firmware update. Once a new firmware update is available, the router downloads the firmware package.

“Knowing the actual latest revision for one or more target router models, we can increment the extended version (EXT####) and place the file in a matching path (pub/ASUS/LiveUpdate/Release/Wireless/wlan_update_v2.zip) on a server that we control. ” wrote Longenecker.  

The process is clearly exposed to external attack like the Man-in-the-Middle, this means that an attacker can tamper with both the list and software and compromise the router to access/manipulate the traffic that passes through it.

The ASUS Wireless Routers RT Series affected by the issue are: RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R and RT-N56U.

Experts speculated that also other ASUS Wireless Routers RT Series are affected by the same issue: RT-N53, RT-N14U, RT-N16 and RT-N16R.

ASUS quickly issued an undocumented fix to solve the problem, it is necessary that users will download it directly from the official ASUS website (asus.com), avoiding to use the built in update feature implemented in the router GUI.

ASUS Wireless Routers control gui

Pierluigi Paganini

Security Affairs –  (ASUS Wireless Routers RT Series, hacking)