In a home network, the router is the first - and, oftentimes, the last - line of defence. Unless manually modified, or programmatically modified via the Universal Plug and Play (UPnP) protocol, a router using Network Address Translation (NAT) ensures that no internal systems are directly accessible from the internet. The router itself, naturally, is directly accessible - and this is why it is important for manufacturers to ensure they have locked their devices down as much as possible.
ASUS has issued new firmware that fixes the issue on some routers, but other models are still waiting for a fix. To prevent attacks on unpatched routers, security researcher Kyle Lovett recommends that users disable all UPnP services and all three AiCloud items, disable remote access to the router's settings page, change the default login and password, and change the AiCloud service password if the service has been in active use.
ASUS, it is claimed, hasn't been careful enough in the development of its personal cloud service, AiCloud. According to security researcher Kyle Lovett, all AiCloud-enabled firmware versions for ASUS' various routers - comprising the RT-AC66R, AT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16 and RT-N16R - have numerous vulnerabilities that can allow disclosure of supposedly private files, or even remote code execution directly on the router, which could be used to compromise the entire network.
ASUS AiCloud routers suffering from security holes
Posted on Wednesday, July 17 2013 @ 13:16 CEST by Thomas De Maesschalck