Tech

Most Asus routers affected by hijack bug; exploit posted

An unpatched router can be hijacked, if the attacker is on the same network.

Written by Zack Whittaker, Contributor Jan. 9, 2015 at 7:59 a.m. PT

Many models of Asus' router line-up are affected
(Image: CNET)

Several models of Asus' routers are vulnerable to an attack that leaves little for non-technical users to protect themselves until a fix is issued.

Featured

I tested Lenovo's dual-screen laptop and it improved my productivity in profound ways
Samsung Galaxy Book 4 Ultra review: Should Windows users consider anything else?
Nothing's new $99 earbuds are the most stylish ones I've tested (and almost perfect)
The most charming projector I've tested has now replaced my TV for movie nights

Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."

The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.

A working exploit was also published alongside the advisory.

While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.

We've reached out to Asus but did not hear back at the time of writing.

Editorial standards

Show Comments

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Most Asus routers affected by hijack bug; exploit posted

Featured

Related

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

6 features I wish MacOS would copy from Linux

The best AI image generators to try right now