DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 21, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 94 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

ASUS AiCloud routers suffering from security holes

Posted on Wednesday, July 17 2013 @ 13:16:32 CEST by


ASUS logo
A security researcher discovered that ASUS routers with the AiCloud service are vulnerable to attack. Numerous security flaws in the software give attackers read and write access to all files and folders shared via AiCloud, as well as access to a plain text file with all usernames and passwords with no encryption, plus the ability to adjust settings and run remote code via SSH.
In a home network, the router is the first - and, oftentimes, the last - line of defence. Unless manually modified, or programmatically modified via the Universal Plug 'n Play (UPnP) protocol, a router using Network Address Translation (NAT) ensures that no internal systems are directly accessible from the internet. The router itself, naturally, is directly accessible - and this is why it is important for manufacturers to ensure they have locked their devices down as much as possible.

Asus, it is claimed, hasn't been careful enough in the development of its personal cloud service AiCloud. According to security researcher Kyle Lovett, all AiCloud enabled firmware versions for Asus' various routers - comprising the RT-AC66R, AT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16 and RT-N16R - have numerous vulnerabilities that can allow for disclosure of supposedly private files or even remote code execution directly on the router in order to compromise the entire network.
ASUS has issued new firmware that fixes the issue on some routers, but other models are still waiting for a fix. To prevent attacks on unpatched routers, security researcher Kyle Lovett recommends users to disable all UPnP services, all three AiCloud items, disable remote access to the router's settings page, change the default login and password, and change the AiCloud service password if the service has been in active use.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba