ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability (CWE-592).
CWE-592: Authentication Bypass Issues
ASUS RT-N10E Wireless Routers contain an authentication bypass vulnerability. An attacker with network access to the device can navigate to the web page http://RouterIPAddress/qis/QIS_finish.htm The attacker will be presented with a web page containing the device's configuration without entering any login credentials. This web page will display the device's administrator password. The default configuration for this device is to only allow clients connected to the Local Area Network (LAN) to access the system web interface.
An unauthenticated attacker that is connected to router's LAN may be able to retrieve the device's administrator password, allowing them to directly access the device's configuration page.
Apply an Update
Restrict network access
Thanks to Sanket Karalkar for reporting this vulnerability.
This document was written by Adam Rauf.
|Date First Published:||2013-10-04|
|Date Last Updated:||2013-10-04 15:00 UTC|