ASUS Router 'infosvr' Remote Command Execution
Critical Nessus Plugin ID 80518
Synopsis
The remote device contains a backdoor.

Description
The remote device is an ASUS router whose firmware is affected by a flaw in its 'infosvr' service, which does not properly check the MAC address of a request. An unauthenticated, remote attacker, using a crafted request to UDP port 9999, can exploit this to run arbitrary commands or access configuration details (including passwords) on the device.

Solution
Contact the device vendor regarding the availability of an update.