You are here

V-190: ASUS RT-N66U Router AiCloud Security Bypass Security Issue

July 2, 2013 - 12:38am

Addthis

PROBLEM:

ASUS RT-N66U Router AiCloud Security Bypass Security Issue

PLATFORM:

ASUS RT-N66U Router firmware versions 3.0.0.4.270 and 3.0.0.4.354.

ABSTRACT:

A security issue in ASUS RT-N66U Router has been reported

REFERENCE LINKS:

Secunia Advisory SA53931
neohapsis

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The security issue is caused due to the device not properly restricting access when processing certain HTTPS requests and can be exploited to gain access to otherwise restricted functionality and e.g. disclose the contents of arbitrary files and directories.

Successful exploitation requires the AiCloud web service to be enabled.

IMPACT:

The security issue can be exploited by malicious people to bypass certain security restrictions.

SOLUTION:

No official solution is currently available.
 

Addthis