Some models of ASUS routers include a service called infosvr that listens on a UDP port on the LAN or WLAN interface. The service runs with root privileges and contains an unauthenticated command execution vulnerability. Vulnerability lays in common.c in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999.
Recommendations
Manually check the version of the firmware running on a router and download/install the new firmware, if required.
References
- ASUS Router infosvr UDP Broadcast root Command Execution
- Vulnerability details
- Exploit
- Got an Asus router? Someone on your network can probably hack it
CVE-2014-9583