Asus router access, information disclosure, denial of service vulnerabilities discovered

10-Jan-23

The Asus RT-AX82U is one of the more recent Wi-Fi 6 (802.11ax) routers, and it also supports mesh networking with other Asus routers. Like other routers, it can be configured through an HTTP server running on the local network. It can also be set up for remote administration and monitoring in a more IoT-style manner.

Talos discovered an authentication bypass flaw, TALOS-2022-1586 (CVE-2022-35401), that has the potential to grant full administrative rights. To take advantage of this vulnerability, an attacker would need to send several HTTP requests. The vulnerability can be triggered by a network request sent by an attacker.
