Vulnerability Note VU#984366
ASUS RT-N10E Wireless Router vulnerable to authentication bypass
ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability (CWE-592).
CWE-592: Authentication Bypass Issues
ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability. An attacker with network access to the device can navigate to the web page http://RouterIPAddress/qis/QIS_finish.htm The attacker will be presented with a web page containing the device's configuration without entering any login credentials. This web page will display the device's administrator password. The default configuration for this device is to only allow clients connected to the Local Area Network (LAN) to access the system web interface.
An unauthenticated attacker that is connected to router's LAN may be able to retrieve the device's administrator password, allowing them to directly access the device's configuration page.
Apply an Update
Restrict network access
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AsusTek Computer Inc.||Affected||19 Aug 2013||04 Oct 2013|
CVSS Metrics (Learn More)
Thanks to Sanket Karalkar for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-3610
- Date Public: 04 Oct 2013
- Date First Published: 04 Oct 2013
- Date Last Updated: 04 Oct 2013
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.