Some models of ASUS routers include a service called infosvr that listens on a UDP port on the LAN or WLAN interface. The service runs with root privileges and contains an unauthenticated command execution vulnerability. The vulnerability lies in common.c in ASUS WRT firmware, and other versions, as used in RT-AC66U, RT-N66U, and other routers: the code does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999.


Manually check the version of the firmware running on a router and download/install the new firmware, if required.
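
Until affected routers are updated, captured LAN traffic can be checked for the NET_CMD_ID_MANU_CMD requests described above. The following is an added example, not code from the original advisory or from ASUS; the header layout (service ID, packet type, little-endian opcode) and the numeric constants are assumptions taken from the iboxcom.h header in publicly released ASUSWRT source, and the datagrams are constructed samples.

```python
import struct

# Assumed values from iboxcom.h in public ASUSWRT source (not stated on this page).
INFOSVR_PORT = 9999
NET_SERVICE_ID_IBOX_INFO = 0x0C
NET_PACKET_TYPE_CMD = 0x15
NET_CMD_ID_GETINFO = 0x1F    # ordinary device-discovery request
NET_CMD_ID_MANU_CMD = 0x33   # opcode named in the advisory


def classify(dst_port, payload):
    """Return 'manu_cmd', 'infosvr_other' or 'not_infosvr' for one UDP datagram."""
    if dst_port != INFOSVR_PORT or len(payload) < 4:
        return "not_infosvr"
    # Assumed header: 1-byte service ID, 1-byte packet type, 2-byte LE opcode.
    service_id, packet_type, opcode = struct.unpack_from("<BBH", payload)
    if service_id != NET_SERVICE_ID_IBOX_INFO or packet_type != NET_PACKET_TYPE_CMD:
        return "not_infosvr"
    return "manu_cmd" if opcode == NET_CMD_ID_MANU_CMD else "infosvr_other"


def scan(datagrams):
    """datagrams: iterable of (src_ip, dst_ip, dst_port, payload) tuples.
    Returns one alert dict per request carrying the MANU_CMD opcode."""
    alerts = []
    for src, dst, port, payload in datagrams:
        if classify(port, payload) == "manu_cmd":
            alerts.append({"src": src, "dst": dst, "length": len(payload)})
    return alerts


# Constructed samples: header bytes only, zero padded; no real traffic.
SAMPLES = [
    ("192.168.1.50", "192.168.1.1", 9999,
     bytes([0x0C, 0x15, NET_CMD_ID_GETINFO, 0x00]) + bytes(508)),
    ("192.168.1.77", "192.168.1.1", 9999,
     bytes([0x0C, 0x15, NET_CMD_ID_MANU_CMD, 0x00]) + bytes(508)),
    ("192.168.1.50", "192.168.1.1", 53, bytes([0x0C, 0x15, 0x33, 0x00])),
    ("192.168.1.50", "192.168.1.255", 9999, b"\x00"),  # too short to parse
]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print("infosvr MANU_CMD request:", alert)
```

Feed `scan` the UDP datagrams extracted from a packet capture; an alert identifies the LAN host that sent the request and the router it targeted.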