Asus have been notified but haven't even acknowledged yet alone mentioned a fix.
If the inbuilt webserver is activated, anyone on the local network can get the full user/pass list from the router without any identification whatsoever by going to the ip address of the router and appending /userdata
Example, say the ip address is 192.168.0.1, go to:
http://192.168.0.1/userdata
This will output the contents of the userdata file which contains completely unencrypted usernames and passwords. There are plenty of other files that can be access with this trick, I haven't looked at the content of them so I don't know what else you can do.
This security flaw arises because the webserver on the router is mapped to index.html which provides a link to /secure/Home.htm
You are not prompted for a password until you attempt to access files under /secure
Telnet to the router, enter the user mode console and then type "flashfs"
Type ls to see all configuration files accessible through this flaw.
If the inbuilt webserver is activated, anyone on the local network can get the full user/pass list from the router without any identification whatsoever by going to the ip address of the router and appending /userdata
Example, say the ip address is 192.168.0.1, go to:
http://192.168.0.1/userdata
This will output the contents of the userdata file which contains completely unencrypted usernames and passwords. There are plenty of other files that can be access with this trick, I haven't looked at the content of them so I don't know what else you can do.
This security flaw arises because the webserver on the router is mapped to index.html which provides a link to /secure/Home.htm
You are not prompted for a password until you attempt to access files under /secure
Telnet to the router, enter the user mode console and then type "flashfs"
Type ls to see all configuration files accessible through this flaw.
[ reply ]