Wireless router models running the Asuswrt firmware are vulnerable to attacks where blackhat hackers can completely compromise the devices if the attack is launched from within the local networks of the routers.
Infosvr, the service running on the routers, is used by the Asus Wireless Router Device Discovery Utility tools and it is the source of this flaw. Infosvr listens to packets that are sent to the router’s local are network interface over a UDO broadcast port 9999.
Blackhat Hackers can’t make use of this flaw of the internet but they can control the routers if:
* They manage to get into a device connected to the routers
* They manage to connect to the LAN in one way or another
* They manage to get to any local computer that already has the malware on it.
Routers are one of the most sought after target for hackers because once they compromise a router, they can get access to networks and get into other devices on the network. Routers are also easier to hack since they have no virus detection programs running on them.
“This service runs with root privileges and contains an unauthenticated command execution vulnerability,” security researcher Joshua Drake, who found the vulnerability, said on his GitHub account.
Controlling routers for a hacker means being able to monitor and modify all incoming and outgoing traffic for every other device connected to those routers.
Asus has yet to release an update to fix the issue with the routers but there are some ways to block such exploits in the meantime until firmware updates are released. One of them is to create a firewall rule that blocks UDP port 9999 on the affected router like this:
* Connect to the router via Telnet
* Type “iptables -I INPUT -p udp —dport 9999 -j DROP” (without the quotes)
This will block the said port but it will have to be redone with every reboot of the router.
Another option that is more permanent would be to upgrade to version 376.49_5 of the Merlin firmware. This version actually contains a fix for the exploit.
THE LATEST MERLIN FIRMWARE IS NOW AVAILABLE.
NOTE: ASUS HAS ALSO RELEASED THEIR OWN PATCH FOR THIS SECURITY ISSUE.
"Installing custom firmware can void the device warranty and should only be done by owners or authorized users who understand the process involved. And that those individuals accept all the risks associated with this procedure, including the possibility that their device might become permanently damaged."
Edited by Bluediamond, 12 January 2015 - 11:49 PM.