Cisco Talos recently discovered three vulnerabilities in Asus router software.
The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable via an HTTP server running on the local network. However, it can also be configured to support remote administration and monitoring in more of an IOT style.
Talos has identified TALOS-2022-1586 (CVE-2022-35401), an authentication bypass vulnerability that can lead to full administrative privileges. An attacker would need to send a series of HTTP requests to exploit this vulnerability.
TALOS-2022-1590 (CVE-2022-38105) is an information disclosure vulnerability in the opcode of the router’s configuration service that can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
TALOS-2022-1592 (CVE-2022-38393) is a denial of service vulnerability, also in the opcode of the configuration service. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Cisco Talos worked with Asus to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update this affected product as soon as possible: Asus RT-AX82U 3.0.0.4.386_49674-ge182230. Talos tested and confirmed this version of Asus could be exploited by these vulnerabilities.
The following Snort rules will detect exploitation attempts against these vulnerabilities: 60394 and 60473. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.