ASUS RT-AC* and RT-N* devices with firmware prior to 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.
Vulnerable Product |
---|
asus rt-ac1750_firmware 3.0.0.4.380.7266 |
Buggy admin interface – where have we heard that before?
Asus RT wireless routers have joined the SOHOpeless list – with poor cross-site request forgery protection affecting 30 variants of the devices. The design blunders, labeled CVE-2017-5891, hit RT-AC and RT-N variants using firmware older than version 3.0.0.4.380.7378. The lack of CSRF protection means that if the user has left the default credentials – admin:admin – in place, or if an attacker knows the admin password, a malicious webpage can log into the router when visited by the victim....