3.3 - VU#200814

Executive Summary

Summary
Title	ASUS RT-N56U remote password disclosure vulnerability

Informations
Name	VU#200814	First vendor Publication	2011-08-25
Vendor	VU-CERT	Last vendor Modification	2011-08-26
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	3.3	Attack Range	Adjacent network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	6.5	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#200814

ASUS RT-N56U remote password disclosure vulnerability

Overview

ASUS's Wireless-N Gigabit Router RT-N56U is vulnerable to remote administrator password disclosure.

I. Description

ASUS's Wireless-N Gigabit Router RT-N56U contains a vulnerability which may allow a remote unauthenticated attacker to recover the device's administrator password. An attacker with network access to the device can navigate to the web page http://RouterIPAddress/QIS_wizard.htm?flag=detect. The attacker will be presented with a web page containing the device's configuration without entering any login credentials. This web page will display the device's administrator password. The default configuration for this device is to only allow clients connected to the Local Area Network (LAN) to access the system web interface.

This vulnerability has been reported in ASUS's Wireless-N Gigabit Router RT-N56U firmware version 1.0.1.4.

II. Impact

An unauthenticated attacker that is connected to the router's LAN may be able to retrieve the device's administrator password allowing them to directly access the device's configuration web page.

III. Solution

Update

This vulnerability has been addressed in ASUS's Wireless-N Gigabit Router RT-N56U firmware version 1.0.1.4o.

Restrict network access

Restrict network access to the ASUS's Wireless-N Gigabit Router RT-N56U system web interface and other devices using open protocols like HTTP.

Disable WAN device management

Restrict network access to the ASUS's Wireless-N Gigabit Router RT-N56U system web interface from external connections.

Vendor Information

Vendor	Status	Date Notified	Date Updated
AsusTek Computer Inc.	Affected		2011-08-23

References

http://www.asus.com/Networks/Wireless_Routers/RTN56U/

Credit

Thanks to Plucky for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

Date Public:	2011-08-25
Date First Published:	2011-08-25
Date Last Updated:	2011-08-26
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Severity Metric:	1.86
Document Revision:	13

Original Source

Url : http://www.kb.cert.org/vuls/id/200814

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-200	Information Exposure

CPE : Common Platform Enumeration

Type	Description	Count
Application	Asus Rt-N56U Firmware cpe:2.3:a:asus:rt-n56u_firmware:1.0.1.4:::::::* cpe:2.3:a:asus:rt-n56u_firmware:1.0.1.3:::::::* cpe:2.3:a:asus:rt-n56u_firmware:1.0.1.2:::::::* cpe:2.3:a:asus:rt-n56u_firmware:1.0.0.9:::::::*	4
Hardware	Asus Rt-n56u cpe:2.3:h:asus:rt-n56u::::::::	1
Os	Asus Rt-N56U Firmware cpe:2.3:o:asus:rt-n56u_firmware:1.0.1.4o:::::::* cpe:2.3:o:asus:rt-n56u_firmware:1.0.1.4:::::::* cpe:2.3:o:asus:rt-n56u_firmware:-:::::::*	3

OpenVAS Exploits

Date	Description
2011-08-26	Name : ASUS RT-N56U Wireless Router 'QIS_wizard.htm' Password Information Disclosure... File : nvt/gb_asus_rt-n56u_49308.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
74909	ASUS RT-N56U Wireless Router QIS_wizard.htm Access Restriction Weakness Infor...

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	8
osvdb(s)	1
Openvas Exploit(s)	1

	Related
3.3	CVE-2011-4497
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)