Multiple RT router models from ASUS received a patch recently to protect them against vulnerabilities that could allow an attacker to access the device and change its settings. This could happen when the victim loads a web page with malicious JavaScript code carrying commands for the router’s web-based administration panel.
Affected ASUS routers are susceptible to an attack method called cross-site request forgery (CSRF), in which the router’s web interface accepts and executes requests that originate from a different web page. Consultants from Nightwatch Cybersecurity found this flaw in 30 router models from ASUS, in the login page and in the interface that saves the configuration.
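A server-side check of the kind that stops this class of request, shown as an added example (it is not ASUS firmware code and not taken from the Nightwatch advisory): state-changing requests are rejected unless their Origin or Referer header matches the panel's own origin. The function names and the 192.168.1.1 address are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# State-changing methods that must never be accepted from another site.
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def _origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    default_port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(), port or default_port)


def is_cross_site(method, headers, panel_origins):
    """True when a request to the admin panel should be rejected as CSRF.

    headers:       dict of request headers (looked up case-insensitively).
    panel_origins: origins the panel is legitimately served from, e.g.
                   {"http://192.168.1.1"} (constructed sample value).
    """
    if method.upper() not in UNSAFE_METHODS:
        return False  # safe methods must not change router state at all
    h = {k.lower(): v for k, v in headers.items()}
    allowed = {_origin_of(o) for o in panel_origins} - {None}
    # Prefer Origin and fall back to Referer; a browser normally sends
    # at least one of them with a cross-site form submission.
    source = h.get("origin") or h.get("referer")
    if not source:
        return True  # fail closed when the source cannot be established
    origin = _origin_of(source)  # "null" and other junk parse to None
    return origin is None or origin not in allowed
```

The comparison is on the parsed scheme, host and port, so a look-alike host such as `192.168.1.1.evil.example` or a different port does not pass. A per-session anti-CSRF token on the login and configuration forms is the usual complement to this header check.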
To hijack the device, an attacker needs to know the access credentials for the router and its internal IP address. Many users harbor the risky belief that they would not be targeted and do not bother to change the default credentials and the IP, but these default details are publicly available.
One common risk arising from this is that the router could be configured to connect to a Domain Name System (DNS) server controlled by the hackers. DNS’s purpose is to convert web domain names into IP addresses so the client lands on the correct websites. With altered DNS settings, the hacker can redirect the user to a bogus web page and carry out a convincing phishing attack since the browser shows the right web address.
Cybercriminals also need to cover their tracks or establish hidden communication paths, and routers can assume the role of a proxy or VPN server for trafficking illegal data. The passage created this way can be used to attack other targets or test stolen credit cards. Enrolling the device into a botnet for distributed denial-of-service attacks or for scanning the web is yet another risk users should think of when neglecting to change default router credentials.
The list of vulnerabilities discovered by Nightwatch Cybersecurity in ASUS routers also includes three information disclosure vulnerabilities that return the model of the router, the name of the wireless network, the local IP, network information, info on proximal access points, the network device map and the WiFi password (more difficult to exploit, but not impossible).
In an advisory last week, the researchers list all routers they found vulnerable, as well as those devices that received a firmware update from ASUS (v3.0.0.4.380.7378), possibly because of this disclosure. A user reported that the 4G-AC55U model also suffered from these flaws but received no patch for a year.
Users should always apply the latest updates from router vendors and follow at least basic security recommendations, such as setting strong passwords for accessing the device configuration and the wireless network, and changing the internal IP address from the default one. This could be enough to protect these devices from most cyber-attacks that target them.
Photo credit: Maylyn