[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] ASUS RT-N13U Unsecured Telnet on LAN and WAN

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ASUS RT-N13U Unsecured Telnet on LAN and WAN
From: Shelby Spencer <pwd_manager@xxxxxxxxxxx>
Date: Mon, 28 Oct 2013 16:33:52 -0700

The ASUS RT-N13U home router comes configured with an unsecured telnet for user 
"admin".
Telnetting in with this user will result in a root shell.  The telnet is not 
configurable from the web interface, nor does changing the password on the web 
interface's admin user make any difference.  I have alerted ASUS to the problem 
on 10/25/13.  I have been able to verify that this telnet interface is visible 
from both the LAN and WAN.

Sincerely,
Shellster

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] ASUS RT-N13U Unsecured Telnet on LAN and WAN
  - From: Shelby Spencer

Prev by Date: [Full-disclosure] CVE-2013-5694 Blind SQL Injection in Ops View
Next by Date: [Full-disclosure] Advisory: sup MUA Command Injection
Previous by thread: [Full-disclosure] CVE-2013-5694 Blind SQL Injection in Ops View
Next by thread: Re: [Full-disclosure] ASUS RT-N13U Unsecured Telnet on LAN and WAN
Index(es):
- Date
- Thread