ASUS RT-AC* and RT-N* devices with firmware prior to 22.214.171.124.380.7378 have Login Page CSRF and Save Settings CSRF.
|Search on Vulmon
|Subscribe to Product
asus rt-ac1750_firmware 126.96.36.199.380.7266
Buggy admin interface – where have we heard that before?
Asus RT wireless routers have joined the SOHOpeless list – with poor cross-site request forgery protection affecting 30 variants of the devices.
The design blunders, labeled CVE-2017-5891, hit RT-AC and RT-N variants using firmware older than version 188.8.131.52.380.7378.
The lack of CSRF protection means that if the user has left the default credentials – admin:admin – in place, or if an attacker knows the admin password, a malicious webpage can log into the router when visited by...