CATEGORIES
home News

Serious Vulnerabilities Plague Select ASUS Routers Requiring Manual Firmware Update to Fix

by Rob WilliamsWednesday, February 19, 2014, 02:00 PM EDT

It's not too often that a vendor chooses to remain silent about vulnerabilities plaguing its product(s), and it's even rarer to remain silent when fixes are available. For those using N or AC-based ASUS routers, though, it's important to take note: A number of rather serious vulnerabilities might exist if your router's not running the latest firmware.

Most of the vulnerabilities have to do with unauthorized access to networked drives being made possible, either through basic Samba connections or otherwise (lighthttpd, for example). Further, there's the risk of someone being able to entirely bypass the router's authentication.

Affected models: RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, RT-N16R

What makes the situation surrounding these vulnerabilities even stranger is that despite their relative severity, using the firmware check option in the admin is unlikely to yield anything other than a "The router's current firmware is the latest version." message. That's at least the case with me and my RT-N66U - not even a non-beta update from last month is triggered.

For the RT-N66U in particular, ASUS shows these fixes as being handled with the latest (manual) firmware update:

  • Fixed lighthttpd vulnerability.
  • Fixed cross-site scripting vulnerability (CWE-79).
  • Fixed the authentication bypass (CWW-592).
  • Added notification to help avoid security risks.
  • Fixed network place(samba) and FTP vulnerability.

It's important to note that simply using one of the affected routers doesn't make you vulnerable; instead, I believe every single one of them is triggered when a certain cloud-like service is enabled (AiCloud, for example). This isn't too dissimilar from the issue we spoke of just the other day regarding select Linksys routers.

Nonetheless, it should go without saying: If you own one of these routers, you'd be wise to hit-up ASUS' support site and grab the latest firmware update.

Tags:  Asus, security, Router, Networking
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment