AiCloud opened Asus routers to hijacking

By

Rooted routers.

Asus has issued patches for a series of USB enabled routers which were vulnerable to remote compromise.

AiCloud opened Asus routers to hijacking

The bugs affected users of eight router models with the AiCloud mobile app service activated.

Researcher Kyle Lovatt dropped the vulnerabilities ahead of the patches on the Full Disclosure mailing list after claiming Asus did not adequately respond to warn customers and patch the flaws.

He said "no serious attempt" was made to warn customers after "multiple requests from several different security professionals". 

"Nor has ASUS posted a disclosure of these serious issues to new potential customers on their AiCloud web adverts since they still advertise the product as an add-on with these routers, as a safe and bug free home cloud solution," Lovatt said.

"Almost all models will disclose a clear text creational file, making any MD5 hashing on the /etc/shadow file meaningless."

The patches were available on the Asus website.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Log In

  |  Forgot your password?