lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 8 Feb 2014 18:30:15 -0500
From: kyle Lovett <krlovett@...il.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and
 Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service (SSL ports),
are vulnerable to bypass of authentication and sensitive file
disclosure. This vulnerability has been observed in all firmware
versions, though the latest version increases the complexity of the
attack. By sending a special crafted packet, an attacker can exploit a
weakness in the software by calling a non existent file /smb.xml. This
attack leads to sensitive path disclosure and directory traversal.

On the latest 3.0.0.4.374.2xxx firmware versions, specifically in the
the 66 and 68 series routers, have shown a weakness that may allow an
attacker to exploit the /smb.xml vulnerability with a specially
crafted packet to cause a short term denial of service to the AiCloud
service.

The full details were disclosed to the Vendor last month. There are no
known patches or workarounds at this time other than turning off any
remote access to the AiCloud service.

This is not directly related to the clear text password disclosure
made last July. Also, it is strongly advised that the password to the
administrative side of the router be changed from the default, since
hijacking the routers VPN service becomes trivial once access to the
admin console is obtained.

RT-AC68U Dual-band Wireless-AC1900 Gigabit Router
RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router
RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router
RT-N66R Dual-Band Wireless-N900 Gigabit Router
RT-N66U Dual-Band Wireless-N900 Gigabit Router
RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router
RT-N56R Dual-Band Wireless-AC1200 Gigabit Router
RT-N56U Dual-Band Wireless-AC1200 Gigabit Router
RT-N14U Wireless-N300 Cloud Router
RT-N14UHP Wireless-N300 Cloud Router
RT-N16 Wireless-N300 Gigabit Router
RT-N16R Wireless-N300 Gigabit Router

Access Vector: Remote
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Availability Impact: Partial

CWE-400: Uncontrolled Resource Consumption
CWE-208 Information Exposure Through Timing Discrepancy
CWE-211 Information Exposure Through Externally-Generated Error Message
CWE-289 Authentication Bypass by Alternate Name

Product Pages:

http://www.asus.com/Networking/
http://www.asus.com/support/

Research Contact - K Lovett
Discovered - January, 2014

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ