ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
studies/routers/#recommendationsVendors<br />
Solution<br />
♦ There is no solution to this problem.<br />
♦ Restrict access to WAN services such as remote management to prevent an<br />
attacker from gaining access if an attack is successful.<br />
Proof of Concept Exploit<br />
None. See video demo.<br />
Disclosure Timeline<br />
♦ 3/29/2013 - Notified ASUS<br />
♦ 7/26/2013 – Public Disclosure<br />
References<br />
♦ Advisory/Video: http://infosec42.blogspot.com<br />
♦ http://securityevaluators.com/content/case-studies/<br />
Credit<br />
♦ Discovered By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
♦ Exploited By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
<strong>Vulnerability</strong>: Multiple Buffer Overflow <br />
CVE: CVE-2013-4659<br />
Description<br />
The ASUS RT-AC66U router contains a software package that is susceptible to multiple<br />
Buffer Overflow attacks, and when triggered, can result in Denial of Service or Remote<br />
Code Execution.<br />
Attack Requirements<br />
♦ The attacker needs access to ACSD network services in order to launch the<br />
overflow attacks.<br />
Details<br />
♦ Other firmware versions were not tested and could be vulnerable.<br />
<br />
95