Multiple Asus Router Directory Traversal Vulnerability Network Vulnerability

Summary

The remote Asus router is prone to a directory traversal vulnerability.

Impact

Disclosure of cleartext passwords.

Solution

Turn off AiCloud service.

Affected

Vulnerable Asus Models RT-AC66R Dual-Band Wireless-AC1750 Gigabit Router RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router RT-N66R Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch RT-N66U Dual-Band Wireless-N900 Gigabit Router RT-AC56U Dual-Band Wireless-AC1200 Gigabit Router RT-N56R Dual-Band Wireless-AC1200 Gigabit Router RT-N56U Dual-Band Wireless-AC1200 Gigabit Router RT-N14U Wireless-N300 Cloud Router RT-N16 Wireless-N300 Gigabit Router RT-N16R Wireless-N300 Gigabit Router

Detection

Try to read /etc/shadow.

References

http://heise.de/-2105778

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Apple Safari RSS Feed Information Disclosure Vulnerability
Artmedic Kleinanzeigen File Inclusion Vulnerability
AVTECH DVR Multiple Vulnerabilities
aflog Cookie-Based Authentication Bypass Vulnerability

Take action and discover your vulnerabilities