Most Asus routers affected by hijack bug; exploit posted

An unpatched router can be hijacked, if the attacker is on the same network.

asus-hero.jpg
Many models of Asus' router line-up are affected (Image: CNET)

Several models of Asus' routers are vulnerable to an attack that leaves little for non-technical users to protect themselves until a fix is issued.

Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."

The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.

A working exploit was also published alongside the advisory.

While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.

We've reached out to Asus but did not hear back at the time of writing.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All