Most Asus routers affected by hijack bug; exploit posted
![zack-whittaker-hs2016-rtsquare-1.jpg](https://www.zdnet.com/a/img/resize/4ee786d78c7d3a717dd531e7b22dfb55e7c7dca9/2016/08/12/d30657a3-a2c1-494b-9c32-8ac3bfad388e/zack-whittaker-hs2016-rtsquare-1.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Several models of Asus' routers are vulnerable to an attack that leaves little for non-technical users to protect themselves until a fix is issued.
Featured
Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."
The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.
A working exploit was also published alongside the advisory.
While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.
We've reached out to Asus but did not hear back at the time of writing.