ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
♦ 3/29/2013 - Notified ASUS<br />
♦ 7/26/2013 – Public Disclosure<br />
References<br />
♦ Advisory/Video: http://infosec42.blogspot.com<br />
♦ http://securityevaluators.com/content/case-studies/<br />
Credit<br />
♦ Discovered By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
♦ Exploited By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
<strong>Vulnerability</strong>: Persistent Code Execution (File-‐system Permissions) <br />
CVE: CVE-2013-3094<br />
Description<br />
The ASUS RT-N56U contains read, write, and execute permissions throughout its filesystem.<br />
If an attacker is able to get access to the routers file-system through FTP, SMB,<br />
or CSRF reverse-shell, the attacker can replace system executable with his or her own<br />
code and persuade the router to execute it. This results in persistent shell level access to<br />
the router.<br />
Attack Requirements<br />
♦ Gain access to the routers file-system though SMB, FTP, or CSRF<br />
Details<br />
The asusware directory contains several system binaries, configuration files, and scripts<br />
that can be altered to perform actions of an attackers choosing.<br />
Impact<br />
Once the attacker gains access to the router, the attacker can insert attacker-controlled<br />
code and gain unfettered access to the router.<br />
Recommendations to the Vendor<br />
♦ Change the file-system permissions.<br />
♦ Additional information for vendors regarding immediate and long term fixes for<br />
these issues can be found here: http://www.securityevaluators.com/content/case-<br />
<br />
90