This router is vulnerable to fake updates and cross-site scripting attacks
A vulnerable Wi-Fi router can leave your entire network open to attack which is why users should download and install the latest firmware and patches from device manufacturers as soon as they become available.
Security research manager at Trustwave, Martin Rakhmanov recently discovered two security flaws in the update functionality of ASUS’ RT-AC1900P router firmware that could allow for complete compromise of the device and all the traffic that passes through it, if left unpatched.
The first vulnerability Rakhmanov found involves accepting untrusted or forged certificates by the weget program used by the router to fetch updates from ASUS servers. If you log in to an ASUS RT-AC1900P router running older firmware via SSH and grep through the file system, you’ll find a string which reads “–no-check-certificate”.
This search will show some shell scripts that are used to perform downloads from ASUS’ update servers. A malicious attacker could then exploit the fact that the software doesn’t check certificates to force malicious files to be installed. However, the attacker would need to be near the vulnerable router to carry out a man in the middle attack (MITM), though a successful compromise of the router would give an attacker complete access to all of the traffic passing through the router.
XSS vulnerability
The second security flaw Rakhmanov discovered was a cross-site scripting (XSS) vulnerability in the Web Management interface ASUS uses for firmware updates. In the interface, the release notes page did not properly escape the contents of page before rendering it to the user.
A malicious party could leverage the MITM flaw and chain it with arbitrary JavaScript code execution to attack administrators.
Thankfully both of these flaws have been addressed by ASUS and users with a RT-AC1900P router can install the company’s latest firmware to prevent falling victim to any potential attacks.