Routersicherheitslücken - Sammelthread. Den Anfang macht ASUS

eratte

Redaktion
Reboot and firmware update useless: thousands of Asus routers compromised (heise)

That's pretty bad:

The backdoor itself is said to be stored in non-volatile NVRAM, which is why neither a reboot nor a firmware update can close it.

If a device is compromised, the only remedy is a factory reset followed by manual reconfiguration.

ASUS Routers Vulnerable: Hackers Implant Undetectable Backdoors in NVRAM (guru3d)
9,000 Asus routers compromised by botnet attack and persistent SSH backdoor that even firmware updates can't fix (tom's Hardware)
 
ASUS Routers Vulnerable: Hackers Implant Undetectable Backdoors in NVRAM (updated) (guru3d)

Update: Here is the response from ASUS:

In response to recent media reports regarding attempts to exploit vulnerabilities in ASUS routers, ASUS would like to communicate that these vulnerabilities can be fixed. While some have noted that a firmware update alone may not completely address the issue, ASUS would like to emphasize the following recommendations — including updating to the latest firmware, performing a factory reset, and setting strong administrator passwords — to effectively restore and maintain device security.

The steps outlined below are not only essential for mitigating potential risks but also critical for reinforcing long-term protection and responsible device management in today’s evolving cybersecurity environment.

Firmware updates and strong passwords can effectively prevent future risks

These media reports involve a security vulnerability (CVE-2023-39780), which was disclosed in 2023. Devices that have been updated with the latest firmware and secured with a strong administrator password can prevent future exploitation of this vulnerability and block similar attack methods.

Users are recommended to use a password at least 10 characters long, and include uppercase and lowercase letters, numbers, and symbols. In addition, ASUS recommends keeping device firmware up to date to ensure ongoing protection.

Devices that may have been affected can be fully restored

If the device was previously using outdated firmware along with a weak password, and users suspect it may have been compromised, please follow the steps below to secure the device:
1. Update the firmware to the latest version
2. Perform a factory reset to clear any unauthorized or abnormal settings
3. Set a strong administrator password as described above

These steps will ensure that the device is fully secured and no residual risk remains.

End-of-Life (EOL) devices can still be safely used

For EOL devices that no longer receive firmware updates, the following best practices are recommended:
1. Install the latest available firmware version for the device
2. Use a strong administrator password
3. Disable all remote access features such as SSH, DDNS, AiCloud, or Web Access from WAN

Completing the above steps will effectively prevent the exploitation methods described in recent reports.

Optional self-checks for suspicious activity

Users may perform the following checks to determine if their device shows signs of unauthorized access:
1. Confirm that SSH (especially TCP port 53282) is not exposed to the internet
2. Check the System Log for repeated login failures or unfamiliar SSH keys
3. If anything appears suspicious, follow the above recommendations to thoroughly remove any potential threats.

ASUS remains fully committed to ensuring the security of its users. Firmware update notifications and security recommendations have been issued for supported models. For further assistance, please contact the ASUS Customer Service team.

Thank you for your continued trust and support.
 
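As an added example, not part of the thread and not ASUS's code: the three optional self-checks from the statement above, turned into an offline audit over two artefacts you can save from a router, the output of `nvram show` and the System Log. The NVRAM variable names `sshd_enable`, `sshd_port` and `sshd_authkeys` and the dropbear log line format are assumptions about ASUSWRT that you should confirm on your own device; the dump and log lines below are constructed samples, not captures from a real router.

```shell
#!/bin/sh
# Added example for this thread, not code from ASUS or from the articles
# quoted above. It runs the three "optional self-checks" from the ASUS
# statement against two artefacts saved from a router: the output of
# `nvram show` and the System Log. Everything is offline, on constructed data.
# ASSUMPTIONS (verify on your firmware with `nvram show | grep '^sshd_'`):
#   sshd_enable=1 means SSH on LAN + WAN, 2 means LAN only, 0 means off;
#   sshd_port holds the listening port; sshd_authkeys holds one key on one
#   line of the dump; failed logins are logged by dropbear as in SAMPLE_LOG.

# Value of one name=value line. $1 = dump text, $2 = variable name.
nvram_val() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Check 1 and the key half of check 2. $1 = nvram dump, $2 = newline-separated
# list of public keys you installed yourself. Prints one FINDING line per
# problem; returns 0 when nothing is suspicious, 1 otherwise.
audit_nvram() {
    dump=$1; known=$2; bad=0
    en=$(nvram_val "$dump" sshd_enable)
    port=$(nvram_val "$dump" sshd_port)
    if [ "$en" = "1" ]; then
        echo "FINDING: SSH enabled for LAN + WAN (sshd_enable=1) on TCP ${port:-22}"
        bad=1
    fi
    if [ "$port" = "53282" ]; then
        echo "FINDING: sshd_port=53282, the port named in the reports"
        bad=1
    fi
    keys=$(nvram_val "$dump" sshd_authkeys)
    oldifs=$IFS; IFS='
'; set -f                          # split on newlines only, no globbing
    for key in $keys; do
        case "$known" in
            *"$key"*) ;;               # a key we put there ourselves
            *) echo "FINDING: unfamiliar SSH key in NVRAM: ${key%% *} ... ${key##* }"
               bad=1 ;;
        esac
    done
    IFS=$oldifs; set +f
    return $bad
}

# Log half of check 2: repeated login failures per source address.
# $1 = System Log text, $2 = threshold. Returns 0 when no address reaches it.
audit_log() {
    printf '%s\n' "$1" \
      | sed -n "s/.*Bad password attempt for '[^']*' from \([0-9.]*\):[0-9]*.*/\1/p" \
      | sort | uniq -c \
      | awk -v t="$2" '$1 >= t { printf "FINDING: %d failed SSH logins from %s\n", $1, $2; n++ }
                       END { exit (n > 0) }'
}

# Constructed sample data (not from a real device).
SAMPLE_NVRAM_BAD="lan_ipaddr=192.168.50.1
sshd_enable=1
sshd_port=53282
sshd_authkeys=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedkeymaterial000 attacker@example
wan_proto=dhcp"
SAMPLE_NVRAM_CLEAN="lan_ipaddr=192.168.50.1
sshd_enable=2
sshd_port=22
sshd_authkeys=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOwnerKey0000000000 me@laptop
wan_proto=dhcp"
KNOWN_KEYS="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedOwnerKey0000000000 me@laptop"
SAMPLE_LOG="Jun  1 03:12:01 dropbear[2211]: Bad password attempt for 'admin' from 203.0.113.9:51002
Jun  1 03:12:03 dropbear[2212]: Bad password attempt for 'admin' from 203.0.113.9:51004
Jun  1 03:12:05 dropbear[2213]: Bad password attempt for 'admin' from 203.0.113.9:51006
Jun  1 03:12:07 dropbear[2214]: Bad password attempt for 'root' from 203.0.113.9:51008
Jun  1 03:12:09 dropbear[2215]: Bad password attempt for 'admin' from 203.0.113.9:51010
Jun  1 09:40:00 dropbear[2400]: Bad password attempt for 'admin' from 192.168.50.20:40211
Jun  1 09:41:00 dropbear[2401]: Password auth succeeded for 'admin' from 192.168.50.20:40213"

# Demo on the constructed data. On a router you would pass "$(nvram show)" and
# "$(cat /tmp/syslog.log)" instead (path assumed; check where your log lives).
echo "== constructed dump of a compromised router =="
audit_nvram "$SAMPLE_NVRAM_BAD" "$KNOWN_KEYS" || echo "=> factory reset, reflash latest firmware, reconfigure by hand"
echo "== constructed dump of a clean router =="
audit_nvram "$SAMPLE_NVRAM_CLEAN" "$KNOWN_KEYS" && echo "=> no findings"
echo "== System Log, 5 failures from one address =="
audit_log "$SAMPLE_LOG" 5 || echo "=> brute force seen; treat the key check above as mandatory"
```

A clean result only means the items ASUS listed are absent. Since the heise quote places the implant in NVRAM, a dump taken after the fact is the thing to look at, and if anything is flagged the remedy is the one both sources agree on: latest firmware, factory reset, manual reconfiguration.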
Thank you for opening this thread.
 
CVE-2025-34037: Linksys E-Series, back from the dead

What is it?

This one is a nightmare for anyone still clinging to an older Linksys E-Series router. CVE-2025-34037 is a critical OS command injection vulnerability affecting the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP port 8080. What makes it so nasty? It's unauthenticated, zero-click, and has a perfect CVSS score of 10.0. This means an attacker can just... do it. No credentials, no user interaction required.

What makes this critical: No credentials, no user interaction required.
 
And if I understand it correctly, there is no remedy other than replacing the device.
 
This is again about the ASUS routers, but also about mainboard/device software
