“The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file,”  “Since the router downloads via HTTP instead of HTTPS, there is no way to validate that the server at the other end is in fact the ASUS server and not an impostor.”

According to the expert, the updating process for the ASUS Wireless Routers RT Series is insecure. The network device first downloads a clear-text file list containing the latest firmware builds, then it parses the downloaded file searching for a newer available firmware update. Once a new firmware update is available, the router downloads the firmware package.

“Knowing the actual latest revision for one or more target router models, we can increment the extended version (EXT####) and place the file in a matching path (pub/ASUS/LiveUpdate/Release/Wireless/wlan_update_v2.zip) on a server that we control. ” wrote Longenecker.  

The process is clearly exposed to external attack like the Man-in-the-Middle, this means that an attacker can tamper with both the list and software and compromise the router to access/manipulate the traffic that passes through it.

The ASUS Wireless Routers RT Series affected by the issue are: RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R and RT-N56U.

Experts speculated that also other ASUS Wireless Routers RT Series are affected by the same issue: RT-N53, RT-N14U, RT-N16 and RT-N16R.

ASUS quickly issued an undocumented fix to solve the problem, it is necessary that users will download it directly from the official ASUS website (asus.com), avoiding to use the built in update feature implemented in the router GUI.

Pierluigi Paganini

Security Affairs –  (ASUS Wireless Routers RT Series, hacking)