The following advisory describes two (2) vulnerabilities found in AsusWRT Version 220.127.116.11.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router.
AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also where you can configure AiCloud 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a separate app, or restrict what you can change via mobile devices — you get full access to everything, from any device that can run a web browser”
The vulnerabilities found are:
- Access bypass
- Configuration manipulation
An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Asus were informed of the vulnerabilities and released patches to address them (version 18.104.22.168.384_10007).
For more details: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
CVE: CVE-2018-5999 and CVE-2018-6000