
Two Security Vulnerabilities Found in Asus RT-AC1900P Router

Thursday, July 23rd, 2020 (2:00 pm) - Score 2,868

Owners of the popular ASUS RT-AC1900P (RT-AC68U) broadband router should immediately visit the product’s support site to download and apply the latest firmware update, which comes after two new vulnerabilities were discovered that “could allow for complete compromise” of the device and all traffic that traverses it.

The router itself has been around for a number of years, but it remains one of the most popular thanks to its feature set and performance. However, Trustwave, a digital security specialist with a long history of finding holes in routers, recently unearthed two new vulnerabilities in the RT-AC1900P’s firmware update functionality.

The manufacturer, ASUS, was notified of these issues some time ago and has already patched them in its recent firmware. Suffice to say that now is a good time to update, given that the new vulnerabilities have been disclosed to the public.

Finding 1: Update Accepts Forged Server Certificates (CVE-2020-15498)

The first vulnerability is that the wget program the router uses to fetch updates from ASUS servers accepts untrusted (forged) certificates. If you happen to have an ASUS RT-AC1900P running old firmware, you can log in via SSH and grep through the filesystem for the string:

--no-check-certificate

This will yield some shell scripts that perform downloads from the ASUS update servers. A malicious attacker could exploit this lack of certificate checking to force the install of malicious files. While the attacker would have to be network-adjacent to the vulnerable router to perform the man-in-the-middle (MITM) attack, a successful attack could result in a full compromise of the router, allowing complete access to all traffic going through it. The latest firmware no longer uses this wget option, so the MITM attack is no longer possible.
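The grep described above can be turned into a repeatable audit of an unpacked firmware tree. The script below is an added example, not ASUS or Trustwave code: the file names, the `updates.example.invalid` host and the sample tree are constructed, the curl check is a generalization beyond the wget option the article names, and it assumes a grep that supports `-r` and `-I` (GNU or BSD grep).

```sh
#!/bin/sh
# Added example: find download commands that switch off TLS certificate checks.

# Options that disable verification:
#   --no-check-certificate   wget option named in the article (matched anywhere,
#                            because scripts often keep it in an options variable)
#   curl ... --insecure / -k curl's equivalent (generalization, not from the article)
INSECURE_RE='--no-check-certificate|curl.*[[:space:]](--insecure|-k)([[:space:]]|$)'

# audit_tls_flags DIR: print "path:line:text" per finding, skipping comment lines.
audit_tls_flags() {
    grep -rnIE -e "$INSECURE_RE" "$1" 2>/dev/null |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
}

# count_tls_findings DIR: print the number of findings.
count_tls_findings() {
    audit_tls_flags "$1" | wc -l | tr -d ' '
}

# make_sample_tree: build a small constructed firmware tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/usr/sbin"
    printf '%s\n' '#!/bin/sh' \
        '# TODO: drop --no-check-certificate once the CA bundle ships' \
        'wget -q --no-check-certificate https://updates.example.invalid/manifest.txt -O /tmp/manifest.txt' \
        > "$t/usr/sbin/update_check.sh"
    printf '%s\n' 'opts="-q -T 30 --no-check-certificate"' \
        'wget $opts https://updates.example.invalid/notes.txt -O /tmp/notes.txt' \
        > "$t/usr/sbin/fetch_notes.sh"
    printf '%s\n' 'wget -q https://updates.example.invalid/manifest.txt -O /tmp/manifest.txt' \
        > "$t/usr/sbin/fixed.sh"
    printf '%s\n' 'curl -s -k https://updates.example.invalid/ping' \
        > "$t/usr/sbin/probe.sh"
    echo "$t"
}

# Demo run over the constructed tree.
tree=$(make_sample_tree)
echo "findings: $(count_tls_findings "$tree")"
audit_tls_flags "$tree"
rm -rf "$tree"
```

Any finding means the download trusts whatever certificate the peer presents, so the fix is to remove the option and ship a CA bundle the client can verify against.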

Finding 2: XSS in Release Notes Dialog Window (CVE-2020-15499)

The second bug ASUS fixed was a cross-site scripting (XSS) vulnerability in the Web Management interface related to firmware updates: the release notes page did not properly escape the contents of the page before rendering it to the user. This means that a legitimate administrator could be attacked by a malicious party who uses the first (man-in-the-middle) finding and chains it with arbitrary JavaScript code execution. Example of a fake release notes page for this attack:

{/textarea}
{script}alert(document.cookie);{/script}
{textarea}

ASUS fixed this in the latest firmware so that the release notes page no longer renders arbitrary contents verbatim.
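Why verbatim rendering inside a textarea is unsafe, and what escaping changes, shown as an added example (not ASUS firmware code, and not necessarily how ASUS implemented its fix). The function names and the sample release notes are constructed; the sample mirrors the article's fake page with real angle brackets.

```sh
#!/bin/sh
# Added example: release notes rendered verbatim versus HTML-escaped.

# Constructed release notes as a MITM'd download might return them.
SAMPLE_NOTES='Firmware 0.0.0 (constructed sample)
</textarea>
<script>alert(document.cookie);</script>
<textarea>'

# escape_html: HTML-escape stdin. "&" must be handled first so the entities
# produced by the later substitutions are not escaped a second time.
escape_html() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Vulnerable form: the notes are placed in the dialog exactly as received,
# so a "</textarea>" in the notes ends the element and markup after it is live.
render_notes_raw() {
    printf '<textarea readonly>%s</textarea>\n' "$(cat)"
}

# Hardened form: the notes are escaped, so they stay text inside the textarea.
render_notes_escaped() {
    printf '<textarea readonly>%s</textarea>\n' "$(escape_html)"
}

# count_script_tags: number of live "<script" openings in the HTML on stdin.
count_script_tags() {
    grep -o '<script' | wc -l | tr -d ' '
}

# Demo: compare both renderings of the same input.
echo "raw:     $(printf '%s\n' "$SAMPLE_NOTES" | render_notes_raw | count_script_tags) live script tag(s)"
echo "escaped: $(printf '%s\n' "$SAMPLE_NOTES" | render_notes_escaped | count_script_tags) live script tag(s)"
```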

A number of other security flaws in the RT-AC1900P have also been found and patched since these were discovered, although the exact details of those have yet to be made public.

3 Responses
  1. asusruss says:

    I bought the newest RT-AC68U 7 months ago and it’s constantly had bugs and flaws but very recently there have been many updates coming out for it.
    Hopefully it will improve otherwise I’m feeding it to the dustbin!

    1. Stephen Wakeman says:

      As per Paul’s comment I would highly recommend flashing from Asus firmware to Merlin’s firmware https://www.asuswrt-merlin.net/

      One of the best things about owning a popular router from the likes of Asus or Netgear (Voxel in NG’s case) is the absolutely fantastic firmware that you can get. Both Merlin and Voxel put out regular updates that really put to shame the router manufacturer’s own stuff.

  2. Paul says:

    Better going for Merlin’s firmware. I’ve confirmed with him these CVEs don’t apply to his.

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact