Two Security Vulnerabilities Found in Asus RT-AC1900P Router

Thursday, Jul 23rd, 2020 (2:00 pm) - Score 3,652

Owners of the popular ASUS RT-AC1900P (RT-AC68U) broadband router should immediately visit the product’s support site to download and apply the latest firmware update, which comes after two new vulnerabilities were discovered that “could allow for complete compromise” of the device and all traffic that traverses it.

The router itself has been around for a number of years, but it remains one of the most popular thanks to its feature set and performance. However, Trustwave, a digital security specialist with a long history of finding holes in routers, recently unearthed two new vulnerabilities in the RT-AC1900P’s firmware update functionality.

The manufacturer, ASUS, was notified of these issues some time ago and has already patched them in its recent firmware. Suffice to say that now is a good time to update, given that the new vulnerabilities have been disclosed to the public.

Finding 1: Update Accepts Forged Server Certificates (CVE-2020-15498)

The first vulnerability is that the wget program the router uses to fetch updates from ASUS servers accepts untrusted (forged) server certificates. If you happen to have an ASUS RT-AC1900P running old firmware, you can log in via SSH and grep through the filesystem for the string:

--no-check-certificate

This will yield some shell scripts that perform downloads from the ASUS update servers. An attacker could exploit this lack of certificate checking to force the installation of malicious files. While the attacker would have to be network-adjacent to the vulnerable router to perform the man-in-the-middle (MITM) attack, a successful attack could result in a full compromise of the router, allowing complete access to all traffic going through it. The latest firmware no longer uses this wget option, so the MITM attack is no longer possible.
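The grep check described above can also be run as an audit over an unpacked firmware filesystem. The following is an added example, not code from ASUS or Trustwave: it goes slightly beyond the article by also flagging curl's equivalent options, and the file names and update URL in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# wget/curl options that switch off TLS server-certificate validation.
INSECURE_TLS = re.compile(
    r"\bwget\b[^\n;|&]*--no-check-certificate"
    r"|\bcurl\b[^\n;|&]*(?:\s-[A-Za-z]*k[A-Za-z]*\b|--insecure)"
)

def find_insecure_downloads(root):
    """Return (relative path, line number, command) for each offending line."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        data = path.read_bytes()
        if b"\0" in data[:1024]:
            continue  # binary file, not a script
        lines = data.decode("utf-8", "replace").splitlines()
        for number, line in enumerate(lines, 1):
            command = line.strip()
            if command.startswith("#"):
                continue  # a commented-out command is not executed
            if INSECURE_TLS.search(command):
                hits.append((path.relative_to(root).as_posix(), number, command))
    return hits

def build_sample_tree(root):
    """Constructed files standing in for an unpacked firmware filesystem."""
    sbin = Path(root, "usr", "sbin")
    sbin.mkdir(parents=True)
    (sbin / "update_check.sh").write_text(
        "#!/bin/sh\n# fetch the firmware list\n"
        "wget -q --no-check-certificate https://updates.example.invalid/list -O /tmp/list\n")
    (sbin / "update_fixed.sh").write_text(
        "#!/bin/sh\nwget -q https://updates.example.invalid/list -O /tmp/list\n")
    (sbin / "probe.sh").write_text(
        "#!/bin/sh\ncurl -sk https://updates.example.invalid/ping\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, number, command in find_insecure_downloads(tmp):
            print(f"{rel}:{number}: {command}")
```

Unlike a plain grep, this scan skips binaries and commented-out lines, so a hit is a download command that actually runs without certificate validation.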

Finding 2: XSS in Release Notes Dialog Window (CVE-2020-15499)

The second bug ASUS fixed was a cross-site scripting (XSS) vulnerability in the Web Management interface related to firmware updates: the release notes page did not properly escape the contents of the page before rendering it to the user. This means that a legitimate administrator could be attacked by a malicious party using the first man-in-the-middle finding and chaining it with arbitrary JavaScript code execution. Example of a fake release notes page for this attack:

{/textarea}
{script}alert(document.cookie);{/script}
{textarea}

ASUS fixed this in the latest firmware so that the release notes page no longer renders arbitrary contents verbatim.
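To show why escaping matters here, the added example below (not ASUS's actual fix, whose implementation the article does not describe) renders the same release-notes text verbatim and escaped, then parses both results to list the HTML elements a browser would see. The function names and the benign notes text are hypothetical; the forged notes are the article's example written with real angle brackets.

```python
import html
from html.parser import HTMLParser

# Constructed release-notes bodies. FORGED_NOTES is the article's example markup.
FORGED_NOTES = "</textarea>\n<script>alert(document.cookie);</script>\n<textarea>"
BENIGN_NOTES = "Constructed notes: fixed Wi-Fi & <WAN> stability issues"

def render_verbatim(notes):
    """Pre-fix behaviour: downloaded text is placed into the page as-is."""
    return "<textarea readonly>" + notes + "</textarea>"

def render_escaped(notes):
    """Hardened form: markup characters become entities, so text stays text."""
    return "<textarea readonly>" + html.escape(notes, quote=True) + "</textarea>"

class TagCollector(HTMLParser):
    """Records every element start tag found in a piece of markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def elements_in(markup):
    """Return the element names a parser finds, in document order."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    # Verbatim: the forged closing tag ends the textarea and a script element appears.
    print(elements_in(render_verbatim(FORGED_NOTES)))
    # Escaped: one textarea, and the forged markup is only displayed as text.
    print(elements_in(render_escaped(FORGED_NOTES)))
    print(render_escaped(BENIGN_NOTES))
```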

A number of other security flaws in the RT-AC1900P have also been found and patched since these were discovered, although the exact details of those have yet to be made public.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
Comments
3 Responses
  1. asusruss says:

    I bought the newest RT-AC68U 7 months ago and it’s constantly had bugs and flaws but very recently there have been many updates coming out for it.
    Hopefully it will improve otherwise I’m feeding it to the dustbin!

    1. Stephen Wakeman says:

      As per Paul’s comment I would highly recommend flashing from Asus firmware to Merlin’s firmware https://www.asuswrt-merlin.net/

      One of the best things about owning a popular router from the likes of Asus or Netgear (Voxel in NG’s case) is the absolutely fantastic firmware that you can get. Both Merlin and Voxel put out regular updates that really put to shame the router manufacturer’s own stuff.

  2. Paul says:

    Better going for Merlin’s firmware. I’ve confirmed with him these CVEs don’t apply to his.
