Latest Asus Firmware Router Popping Flaw Exposes Popular WiFi Routers

Asus Firmware Exploit - Open Source Firmware Installation Information - DD-WRT & TomatoUSB

Another day, another manufacturer default firmware issue revealed. This time it was Asus and some of its most popular routers including the RT-AC87U and the RT-N66U.

On approximately Jan. 4, a backdoor exploit was published for Asus routers. It is unknown at this time how long this exploit was known by Asus or hackers.

It appears that the issue is located in the infosvr service, which is generally used to help administrators find and configure ASUS routers on a network segment.

According to the GitHub post by jduck,

Several models of ASUS’s routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN or WLAN interface. It’s used by one of ASUS’s tools to ease router configuration by automatically locating routers on the local subnet. This service runs with root privileges and contains an unauthenticated command execution vulnerability.

The following Asus models were confirmed as vulnerable:

RT-AC87U – Firmware version:
RT-N66U – Firmware version:
RT-N56U – Firmware version:

It is likely that other Asus routers are affected, but their firmware has not yet been tested or confirmed. The GitHub post states: “Currently, all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable.”

And what does this problem mean for users? Basically, anyone connected to the local network can gain control by sending a single protocol packet to the router. To be clear, in order to exploit this someone would need to have access to your local network.
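
To check whether a router is exposing the service described above, the listening sockets can be audited for UDP port 9999. The script below is an added example, not part of the original post or of jduck's advisory; the function name is hypothetical, the netstat output is constructed, and it assumes the router shell provides `netstat` with the `-l -n -u -p` flags.

```shell
#!/bin/sh
# Added example: flag anything bound to UDP 9999 in `netstat -lnup` output.
# On a router shell (assumed to provide netstat with these flags):
#   netstat -lnup | find_infosvr_listeners

INFOSVR_PORT=9999   # UDP port named in the advisory quoted above

# Reads netstat output on stdin and prints "<local addr> <pid/program> <scope>"
# for each UDP socket on INFOSVR_PORT. Returns 1 if any was found, else 0.
find_infosvr_listeners() {
    awk -v port="$INFOSVR_PORT" '
        $1 ~ /^udp/ {
            # Field 4 is the local address, e.g. 0.0.0.0:9999 or :::9999
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Last field is PID/program only when netstat ran with -p as root
            prog = ($NF ~ "^[0-9]+/") ? $NF : "unknown"
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback-only" : "non-loopback"
            print $4, prog, scope
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample output, not captured from a real device.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State  PID/Program name
udp        0      0 0.0.0.0:9999     0.0.0.0:*               292/infosvr
udp        0      0 0.0.0.0:53       0.0.0.0:*               301/dnsmasq
udp        0      0 127.0.0.1:38032  0.0.0.0:*               301/dnsmasq'

printf '%s\n' "$SAMPLE_NETSTAT" | find_infosvr_listeners || echo "UDP $INFOSVR_PORT is open"
```

A `non-loopback` finding means the socket is bound to an address other hosts can reach, which is the exposure the advisory describes.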

What To Do to Get Ahead of the Router Firmware Exploit Curve?

While manufacturers create excellent hardware, it appears that the fatal flaw is often the limiting, ill-performing firmware installed, which keeps the router from being used to its maximum capabilities. Lucian Constantin at PCWorld explains why the frequency of router exploits has exploded:

Routers are valuable targets for attackers, because they provide them with a foothold inside networks from where they can attack other devices. A router compromise is much harder to detect than a PC infection, because there are no antivirus programs running on such devices.

By controlling routers attackers gain the ability to intercept, inspect and modify incoming and outgoing Internet traffic for all devices that connect through them. Among other things, they can strip SSL from secure traffic and use DNS hijacking techniques to misrepresent legitimate websites.

He then goes on to suggest installing custom firmware but warns “… it should be noted that installing custom firmware can void the device warranty and should only be done by users who understand and accept all the risks associated with this procedure, including the possibility that their device might be damaged.”

So how can you get the best of both worlds? Well it just so happens that all Asus FlashRouters ship with this custom firmware solution already completely installed, with warranty and support options unavailable anywhere else for custom open-source firmware solutions like DD-WRT or TomatoUSB.


The FlashRouters Support Advantage

From the top of the line RT-AC3200 Tomato to the Asus RT-AC5300 DD-WRT, FlashRouters supports a full line of enhanced Asus routers primed for premium security right out of the box.

Already have an Asus router and want help upgrading the firmware? Our team of experts offers remote flashing and setup assistance via worldwide custom-firmware flashing and VPN setup support plans for a large array of Asus WiFi Routers.

Asus Firmware Backdoor Fixes

Yes, Asus has worked harder than some router manufacturers to keep on top of these issues and gets some excellent work right out of the open-source firmware community from users and developers like Eric Sauvageau AKA Merlin.

But, ArsTechnica wrote, “Unless Asus releases a patch, there’s little non-technical users can do to close the hole. More technically inclined people can use the vulnerability itself to turn off infosvr after each reboot.”

If you are one of those technically inclined, we suggest visiting the GitHub page for the latest workarounds or updates. Still, our recommendation as a long-term solution is upgrading to an enhanced, custom firmware routing device to hopefully prevent this type of upgrade scramble in the future and not have to wait for a manufacturer update.
