Vulnerability – INFO

Introduction

ASUS RT-AX57 is a wireless router developed by ASUS, with complete functions and superior performance. In the latest firmware version of the ASUS RT-AX57, 3.0.0.4.388_33114, the username and password submitted when logging in to the management page are not encrypted. They are only Base64-encoded, so this sensitive information is transmitted in what is effectively plaintext.

An attacker lurking on the internal network can monitor traffic and capture the usernames and passwords carried in data packets, thereby taking control of the router and posing a great threat to internal network security. The captured username and password can also be used for credential stuffing, causing further harm to network security.

Verify

The attacker uses Wireshark or a similar tool with promiscuous mode enabled to monitor and filter traffic on the network. Meanwhile, the administrator enters the username and password as usual to log in to the router management system.

At this point, the attacker finds a login packet containing a suspicious string.

Base64-decoding the suspicious field yields the username and password. In the example, they are “admin” and “passwd”, respectively.

As a result, the attacker obtains the username and password in clear text and can forge the user’s login. As shown in the figure, the attacker can log in to the management system normally, which poses a great threat to internal network security.

The same data packet can also be viewed in Burp Suite, where the decoding result is consistent.

The request path shows that the data packet is sent to login.cgi. An attacker therefore needs to monitor only this portion of the traffic to capture usernames and passwords more precisely.
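The check below is an added example, not code from the original post or from ASUS: it audits a captured login form body and reports any field that is protected only by Base64, which is the weakness described above. The sample body is constructed, and the field names and the "user:password" layout are assumptions; only the credentials "admin" and "passwd" come from the page's example.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlencode

# Constructed sample body for a POST to login.cgi. Field names and the
# "user:password" layout are assumptions made for this example.
SAMPLE_BODY = urlencode({
    "current_page": "Main_Login.asp",
    "next_page": "index.asp",
    "login_authorization": base64.b64encode(b"admin:passwd").decode(),
})


def decode_if_base64(value, min_len=8):
    """Return decoded text if value is strict Base64 of printable text, else None."""
    if len(value) < min_len or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def audit_login_body(body, encrypted_transport):
    """List form fields whose only protection is a reversible encoding."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        decoded = decode_if_base64(value)
        if decoded is None:
            continue
        findings.append({
            "field": name,
            "recovered": decoded,
            # Base64 needs no key to reverse, so without transport
            # encryption the field is readable by any passive observer.
            "exposed_on_wire": not encrypted_transport,
        })
    return findings


if __name__ == "__main__":
    for f in audit_login_body(SAMPLE_BODY, encrypted_transport=False):
        print(f"{f['field']}: Base64 only, recovers {f['recovered']!r}, "
              f"exposed on wire: {f['exposed_on_wire']}")
```

Run against requests captured from your own device during a firmware review; a finding with `exposed_on_wire` set means the login should be moved behind encrypted transport, since encoding alone adds no confidentiality.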
