Home News Update Now! Researchers Find Multiple Bugs in ASUS Routers

Update Now! Researchers Find Multiple Bugs in ASUS Routers

MikroTik Devices, ASUS Routers

Security researchers from Trustwave revealed that certain models of ASUS routers are vulnerable to malicious attacks. The bugs in the routers are related to its firmware update process. In a security advisory, the researchers stated that they found security vulnerabilities in the ASUS RT-AC1900P router model of version 3.0.0.4.385_10000-gd8ccd3c. The two vulnerabilities, dubbed CVE-2020-15498 and CVE-2020-15499, in the routers’ firmware could have allowed attackers to perform malicious attacks.

Trustwave researchers said the vulnerability CVE-2020-15498 allows the router to accept forged server certificates for the firmware update. This enables  cybercriminals to launch a man-in-the-middle attack (MITM) using no-check-certificate option passed to the wget tool and later download firmware update files on the router by connecting the device to a malicious network. The vulnerability CVE-2020-15499 shows the firmware release notes dialog in the router management web interface, which is susceptible to cross-site scripting.

“Given that the device accepts forged certificates, an attacker can trick the router to display a message that a new firmware is available when the admin user opens the firmware upgrade page. Furthermore, an attacker can then craft a malicious file containing release notes for the new firmware that will contain arbitrary javascript. Due to cross-site scripting the malicious javascript will be executed when an unsuspecting admin user clicks the release notes link on the firmware upgrade page,” the researchers explained.

Trustwave recommended users to immediately upgrade the router’s firmware to version 3.0.0.4.385_20253 or the latest stable release to avoid any malicious intrusions.

Target on Home Routers

Recently, cybersecurity solutions provider Trend Micro warned users about a new wave of attacks targeting home routers. In its research report “Worm War: The Botnet Battle for IoT Territory,” Trend Micro revealed that cybercriminals are using home routers to build botnets. The research found a surge in cyberattacks by exploiting routers, particularly in Q4 2019. Attackers made brute force log-in attempts against routers by using automated software to try common password combinations. The number of attacks increased from around 23 million in September to nearly 249 million attacks in December 2019. In March 2020, around 194 million brute force login attacks were reported.