lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 12 Feb 2014 16:29:11 -0500
From: kyle Lovett <krlovett@...il.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: ASUS RT Series Routers FTP Service - Default anonymous access

Five ASUS RT series routers suffer from a vendor vulnerability that
default FTP service to anonymous access, full read/write permissions.
The service, which is activated from the administrative console does
not give proper instructions nor indications that the end user needs
to manually add a user to the FTP access table.

The vendor was first alerted to this issue in late June of 2012, and
then four other times officially from July 2012 to December 2012. It
was not until January of this year, when the editors for the Norwegian
publication IDG/PC World went to ASUS that any official response came.

This vulnerability has been exploited aggressively for sometime now,
and as a rolling count which has been kept ongoing since July 2012,
over 30,000 unique IP address, at one time or another have had their
FTP service shared.

The FTP services, when not secured, allows for full read/write access
to any external storage devices attached to the usb drives on the
router.

The vendor has issued an official (beta) patch for the RT-AC68U  as of
mid-January, and plans on additional patches in the coming week.

Models Include:

RT-AC68U
RT-AC56U
RT-AC66U
RT-N66U
RT-N16

CWE-287: Improper Authentication
CVSS v2 Vector (AV:N/AC:L/Au:N/C:C/I:C/A:N/E:H/RL:OF/RC:C)

CVSS Base Score 9.4
Impact Subscore 9.2
Exploitability Subscore 10
CVSS Temporal Score 8.2
Overall CVSS Score 8.2

Many have reported malware being uploaded into the sync share folders,
large amounts of unauthorized file sharing and most importantly the
theft of entire hard drives of personal information. Over 7,300 units
are still vulnerable to this weakness as of today.

It is strongly urged that those with any of the above routers check to
ensure that their FTP service has been secured.

Links:
https://www.asus.com/Networking/RTAC68U/#support
http://www.idg.no/pcworld/article281004.ece
http://www.thinkbroadband.com/news/6229-new-asus-router-firmware-to-fix-ftp-security-issue.html
http://www.pcworld.com/article/2087180/asus-simplifies-router-configuration-to-protect-external-hard-drives.html

Research Contact - Kyle Lovett
Discovered - June, 2012

Powered by blists - more mailing lists