Asus router users still vulnerable to remote hacking

Pierluigi Paganini February 19, 2014

Asus routers are still vulnerable to remote hacking months after the disclosure of a flaw that allows hackers to access the drive connected to the device.

The Ars security portal reported that hackers exposed an eight-month-old weakness in Asus routers by leaving a message on victims’ drives. An Ars reader claimed to have found a strange message while browsing the content of his external hard drive; the note was in a text file and advised him that he had been hacked thanks to a critical flaw in the Asus router he used to access the network storage.

“This is an automated message being sent out to everyone effected [sic],” states the note in the text file. “Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection. You need to protect yourself and learn more by reading the following news article: http://nullfluid.com/asusgate.txt.”

The problem is not isolated: many other users have found the message on their machines. The hackers exploited the vulnerability in the Asus routers to gain full access to the content of the hard drive.

Asus Router Vulnerable devices file

A few weeks ago, 13,000 IP addresses of vulnerable Asus routers were published on Pastebin, along with a torrent link to more than 10,000 complete or partial lists of files stored on the Asus-connected hard drives.

The flaw affecting the Asus routers was discovered eight months ago; hackers have the “ability to traverse to any external storage plugged in through the USB ports on the back of the router.” The disconcerting aspect of the discovery is that the researcher Kyle Lovett decided to publicly disclose the vulnerability in Asus routers after privately contacting Asus and getting a response that the reported behavior “was not an issue.”

Below is the list of vulnerable Asus routers:

  • RT-AC66R   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-AC66U   Dual-Band Wireless-AC1750 Gigabit Router
  • RT-N66R     Dual-Band Wireless-N900 Gigabit Router with 4-Port Ethernet Switch
  • RT-N66U     Dual-Band Wireless-N900 Gigabit Router
  • RT-AC56U   Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56R     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N56U     Dual-Band Wireless-AC1200 Gigabit Router
  • RT-N14U     Wireless-N300 Cloud Router
  • RT-N16       Wireless-N300 Gigabit Router
  • RT-N16R     Wireless-N300 Gigabit Router

I suggest reading Kyle Lovett’s second post on the subject, which includes many details on the flaw.

“Vulnerabilities – Due in large part to an exposed $root share on the NVRAM for Samba service, which was discovered in March of this year by another researcher, on almost all of the above models that have enabled AiCloud service, the end users will find themselves exposed to multiple methods of attack and several dangerous remote exploits. Since authentication can be simply bypassed on those units running HTTPS WebDav via directory traversal, access to all files which control services on either side of the router are wide open to remote manipulation. All pem and key files are also openly available.”
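For defenders reviewing logs from a WebDAV-style file service, the directory traversal described in the quote shows up as request paths whose canonical form falls outside the shared folder. The following is an added example, not code from Lovett's post or from Asus: the log format, the `/share` root and all sample lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample log (combined-log style); addresses and paths are invented.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Feb/2014:10:01:02 +0000] "GET /share/photos/a.jpg HTTP/1.1" 200 5120
203.0.113.9 - - [19/Feb/2014:10:01:05 +0000] "PROPFIND /share/../../conf/ HTTP/1.1" 207 812
203.0.113.9 - - [19/Feb/2014:10:01:09 +0000] "GET /share/%2e%2e/%2e%2e/conf/x.pem HTTP/1.1" 200 1704
203.0.113.9 - - [19/Feb/2014:10:01:12 +0000] "GET /share/%252e%252e/%252e%252e/conf/x HTTP/1.1" 404 0
198.51.100.7 - - [19/Feb/2014:10:02:00 +0000] "GET /share/docs/../docs/b.txt HTTP/1.1" 200 88
"""

# client, method, request path, status code
REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')


def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dot segments are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_root(raw_path, root="/share"):
    """True if the canonical request path lies outside root (hypothetical share root)."""
    path = fully_decode(raw_path.split("?", 1)[0])
    canonical = posixpath.normpath("/" + path.lstrip("/"))
    return not (canonical == root or canonical.startswith(root + "/"))


def find_traversals(log_text, root="/share"):
    """Return one record per request that resolves outside root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m and escapes_root(m.group(3), root):
            client, method, path, status = m.groups()
            # served=True means the server answered with a 2xx, i.e. the request worked
            hits.append({"client": client, "method": method,
                         "path": path, "served": status.startswith("2")})
    return hits


if __name__ == "__main__":
    for hit in find_traversals(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true are the ones to investigate first, since the service returned content for a path outside the share.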

Asus declared that it had fixed the vulnerabilities in the RT-N66U, RT-N66R and RT-N66W routers, but the attack suffered by the Ars reader demonstrates that vulnerable Asus routers still exist.

“Needless to say, I am pissed,” the victim reported to Ars. “It was my belief that I had all of these options turned off. I definitely have never used AICloud or had it enabled. In fact, the only thing I’ve ever enabled myself is the Samba share. However, the Asus menu is very unclear about what is being shared and with whom.”

I believe the issue is really serious: consider that an attacker could deploy malicious content or illegal files on the victim’s PC, with non-negligible legal implications.

It’s not a good period for network device manufacturers: this morning I published the news of the public disclosure of an exploit that hits Linksys routers, and a few weeks ago I reported the large-scale attacks observed in Poland, where the Polish Computer Emergency Response Team documented a series of cyber attacks in which cybercriminals hacked into home routers and changed their DNS settings so they could conduct MITM attacks on online banking connections. According to Polish IT security outfit Niebezpiecznik.pl, the attackers probably exploited a flaw in the ZyNOS router firmware created by ZyXEL Communications and used in many router models from other manufacturers, including TP-Link, ZTE, D-Link and AirLive.

Check the settings of your router and carefully update it according to the instructions provided by the manufacturer.

Pierluigi Paganini

(Security Affairs –  Asus routers, hacking)

