January 16 2023

The top-end dual-band gaming router Asus RT-AX82U

web3 16-01-2023, 13:04 Information security 157

The top-end dual-band gaming router Asus RT-AX82U is affected by three critical vulnerabilities that can be used to bypass authentication, leak information, or cause a denial-of-service (DoS) condition.

The router can be configured via an HTTP server that runs on the local network, and it also supports remote management and monitoring.

Technical details of the vulnerabilities were published by Cisco Talos researchers. The most serious is CVE-2022-35401 (CVSS score 9.0), an authentication bypass that can be triggered with a series of crafted HTTP requests.

An attacker can exploit this vulnerability to gain full administrative access to a vulnerable device. 

The problem lies in the router's remote administration function, which in effect allows users to manage it in the same way as any other IoT device.

Exploitation is possible if the user enables access from the wide-area network (WAN) to the HTTPS server and generates an access code that allows the remote website to connect to an endpoint on the device, with a token check every 2 minutes.

As it turned out, the token generation algorithm is vulnerable to a brute-force attack: the router supported only 255 possible codes, and the check of the token's creation time was also flawed, since it was based on the uptime of the device.
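The two weaknesses described above (a 255-value code space and an uptime-based age check) can be contrasted with a hardened design in a short sketch. This is an added example, not Asus firmware code or code from the Talos report; the class `AccessCodeVerifier`, the `boot_id` value and the lockout threshold are assumptions made for illustration.

```python
import hmac
import secrets

TOKEN_TTL_S = 120     # the 2-minute check window mentioned in the article
MAX_FAILURES = 5      # assumed lockout threshold, not from the article


def guess_success_probability(keyspace: int, attempts: int) -> float:
    """Chance that `attempts` distinct online guesses hit one uniformly chosen code."""
    return min(1.0, attempts / keyspace)


class AccessCodeVerifier:
    """Hypothetical verifier: 128-bit CSPRNG token, boot-bound expiry, lockout."""

    def __init__(self, boot_id: str):
        self.boot_id = boot_id    # assumed to change on every reboot
        self._token = None
        self._issued = None       # (boot_id, uptime in seconds) at issue time
        self._failures = 0

    def issue(self, uptime_s: float) -> str:
        self._token = secrets.token_hex(16)    # 2**128 possible values
        self._issued = (self.boot_id, uptime_s)
        self._failures = 0
        return self._token

    def verify(self, candidate: str, uptime_s: float) -> bool:
        if self._token is None or self._failures >= MAX_FAILURES:
            return False          # nothing issued, or locked until re-issue
        issued_boot, issued_at = self._issued
        age = uptime_s - issued_at
        # Uptime restarts at zero after a reboot, so the difference is only
        # meaningful when both readings come from the same boot session.
        fresh = issued_boot == self.boot_id and 0 <= age <= TOKEN_TTL_S
        ok = fresh and hmac.compare_digest(candidate.encode(), self._token.encode())
        if not ok:
            self._failures += 1
        return ok
```

With 255 codes, even a five-attempt lockout leaves roughly a 2% chance of success per issued code, which is why the size of the code space matters more than the rate limit.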

The remaining two serious bugs, CVE-2022-38105 and CVE-2022-38393, are flaws in the router functionality that allows configuring the mesh network.

CVE-2022-38105 allows an attacker to send crafted network packets that cause repeated out-of-bounds errors and leak data such as thread stack addresses.

The second problem stems from a lack of validation of incoming packets, which allows an attacker to cause memory loss and crash the system.

The three vulnerabilities were found in Asus RT-AX82U firmware version 3.0.0.4.386_49674-ge182230 and were reported to the vendor back in August.

We understand how rarely patches get installed on routers, but users are still strongly advised to update their devices to the latest firmware version.
