• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 

Stormous Ransomware gang targets North Country HealthCare, claims 600K patient data stolen

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Asus router users still vulnerale to remote hacking

Asus router users still vulnerale to remote hacking

Pierluigi Paganini February 19, 2014

Asus routers are still vulnerable to remote hacking after months of the disclosure of the flaw that allows hackers to access to the device-connected drive.

Ars security portal reported that hackers expose eight-month-old weakness in Asus routers by leaving a message on victims’ drives. An Ars reader claimed to have found a strange message browsing the content of his external hard drive, the note was in a text file and advised him that he had been hacked thanks to a critical flaw in the Asus router he used to access the network storage.

“This is an automated message being sent out to everyone effected [sic],” “Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article: http://nullfluid.com/asusgate.txt.” states the note in the text file.

The problem is not isolated, many other users have found the message on their machines, the hackers exploited the vulnerability in the Asus routers to have full access to the content of the hard drive.

Asus Router Vulnerable devices file

A few weeks ago on Pastebin were published 13,000 IP addresses of vulnerable Asus routers and a torrent link  to more than 10,000 complete or partial lists of files stored on the Asus-connected hard drives.

The flaw affecting the Asus routers was discovered eight months ago, hackers have the “ability to traverse to any external storage plugged in through the USB ports on the back of the router,“. The disconcerting aspect of the discovery is that the researcher Kyle Lovett decided to publicly disclose the vulnerability in Asus routers after privately contacting Asus company and getting a response that the reported behavior “was not an issue.”

Below the list of vulnerable Asus Routers:

  • RT-AC66R   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-AC66U   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-N66R     Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch
  • RT-N66U     Dual-Band Wireless-N900 Gigabit Router
  • RT-AC56U   Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56R     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56U     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N14U     Wireless-N300 Cloud Router
  • RT-N16       Wireless-N300 Gigabit Router
  • RT-N16R     Wireless-N300 Gigabit Router

I suggest you the reading of the second Kyle Lovett’s post on the subject that includes many details on the flaw.

“Vulnerabilities – Due in large part to an exposed $root share on the NVRAM for Samba service, which was discovered in March of this year by another researcher, on almost all of the above models that have enabled AiCloud service, the end users will find themselves exposed to multiple methods of attack and several dangerous remote exploits. Since authentication can be simply bypassed on the those units running HTTPS WebDav via directory traversal, access to all files which control services on either side of the router are wide open to remote manipulation. All pem and key files are also openly available.”

Asus declared to have fixed the Vulnerabilities in RT-N66U, RT-N66R and RT-N66W Routers, but the attack suffered by the Ars reader demonstrates the existence of still vulnerable Asus routers.

“Needless to say, I am pissed “It was my belief that I had all of these options turned off,” “I definitely have never used AICloud or had it enabled. In fact, the only thing I’ve ever enabled myself is the Samba share. However, the Asus menu is very unclear about what is being shared and with whom. Reported the victim to Ars

I believe the issue is really serious, consider that an attacker could deploy malicious content or illegal files on the victims PC with not negligible legal implications.It’s not a good period for network device manufactures, this morning I published the news on the public disclosure of the exploit to hit Linksys routers and a few weeks ago I reported the large-scale attacks observed in Poland where the Polish Computer Emergency Response Team has documented a series of cyber attacks involved cybercriminals hacking into home routers and changing their DNS settings so they can conduct MITM attacks on online banking connection.  According Polish IT security outfit Niebezpiecznik.pl, the attackers probably exploited a flaw in the router firmware ZyNOS router firmware created by ZyXEL Communications and used in many router models from other manufacturers including TP-Link, ZTE, D-Link and AirLive.

Check the setting of your router and carefully update it according instruction provided by manufactures.

Pierluigi Paganini

(Security Affairs –  Asus routers, hacking)


facebook linkedin twitter

ASUS ASUS Routers backdoor Firmware Update Hacking Linksys password Router Security News Unauthorized Access USB

you might also like

Pierluigi Paganini July 22, 2025
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Read more
Pierluigi Paganini July 22, 2025
SharePoint under fire: new ToolShell attacks target enterprises
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Cisco confirms active exploitation of ISE and ISE-PIC flaws

    Hacking / July 22, 2025

    SharePoint under fire: new ToolShell attacks target enterprises

    Hacking / July 22, 2025

    CrushFTP zero-day actively exploited at least since July 18

    Hacking / July 22, 2025

    Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

    Security / July 22, 2025

    MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

    APT / July 21, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT