The Broadband Guide
search advanced
 forgot password?

Asus routers can be hacked from local network

2015-01-12 16:07 by
Tags: ,


Security researcher Joshua Drake has found a bug in several Asus routers that allows an attacker on the local network to take full administrative control of the router without the need for a password. The vulnerability (CVE-2014-9583) affects the Asus RT-AC66U, RT-N66U and other routers with the most recent firmware.

"Several models of ASUS's routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN or WLAN interface. It's used by one of ASUS's tools to ease router configuration by automatically locating routers on the local subnet," Drake said. "This service runs with root privileges and contains an unauthenticated command execution vulnerability," he added.

Despite not allowing remote attackers to access the router, this vulnerability poses high risk for those who use their ASUS routers to setup hotspots and other public Wi-Fi networks.

As no patch is available yet, the only solution for owners of those routers is to disable the infosvr service after each boot. Alternatively, they could also block access to UDP port 9999.

Read more -here-

There is more information on port 9999 available in our ports database, as well as the ability to check if it is open on your network.


  User Reviews/Comments:
by anonymous - 2015-01-15 13:14
This issue has been addressed with a new firmware update that is currently available for download from the Asus website for the routers at risk.
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About