If you have ASUS routers, check that you are running the latest firmware version (some security patches have been released).
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
Some vulnerabilities have been reported in multiple ASUS products, where one has an unknown impact and the others can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, and compromise a vulnerable system.
The vulnerabilities are reported in the following products and versions:
* ASUS RT-N12HP firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N12 D1 firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N10U firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N10U (VER.B1) firmware versions prior to 3.0.0.4.374.5517
Solution:
Update to firmware version 3.0.0.4.374.5517.
http://secunia.com/advisories/58258/
------------------------------------------------------------------------------
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in the following products and versions:
* ASUS RT-AC66U firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-AC66R firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N66R firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N66W firmware versions prior to 3.0.0.4.374.5517
* ASUS RT-N16 firmware versions prior to 3.0.0.4.374.5517
Solution:
Update to firmware version 3.0.0.4.374.5517.
http://secunia.com/advisories/58644/
------------------------------------------------------------------------
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, System access
Description
Some vulnerabilities have been reported in multiple ASUS products, where one has an unknown impact and the others can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, and compromise a vulnerable system.
1) An error within the authentication mechanism can be exploited to access otherwise restricted scripts and subsequently e.g. disclose administrative credentials.
2) Some errors exist within APP_Installation.asp when handling certain parameters, which can be exploited to cause a stack-based buffer overflow via overly long "apps_name" and "apps_flag" parameters.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
3) The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to manipulate device settings when a logged-in administrative user visits a specially crafted web page.
4) An unspecified error exists related to network map. No further information is currently available.
The vulnerabilities are reported in the following products and versions:
* ASUS RT-AC56U firmware versions prior to 3.0.0.4.374.5656
* ASUS RT-AC56R firmware versions prior to 3.0.0.4.374.5656
Solution:
Update to firmware version 3.0.0.4.374.5656.
http://secunia.com/advisories/58488/
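
To check a list of routers against the fixed versions quoted above, the following added example (not part of the original post or of the advisories) compares each device's firmware with the fixed version for its model. The inventory entries are constructed, and accepting "_" as well as "." between version fields is an assumption about how the firmware string is displayed.

```python
import re

# Advisory number (from the secunia.com URLs above) -> (fixed version, affected models)
ADVISORIES = {
    "58258": ("3.0.0.4.374.5517",
              ["RT-N12HP", "RT-N12 D1", "RT-N10U", "RT-N10U (VER.B1)"]),
    "58644": ("3.0.0.4.374.5517",
              ["RT-AC66U", "RT-AC66R", "RT-N66R", "RT-N66W", "RT-N16"]),
    "58488": ("3.0.0.4.374.5656", ["RT-AC56U", "RT-AC56R"]),
}

def parse_version(text):
    """Turn '3.0.0.4.374_5517' or '3.0.0.4.374.5517' into a tuple of ints."""
    parts = re.split(r"[._]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def check(model, version):
    """Return (status, advisory, fixed_version) for one device."""
    key = model.strip().upper()
    for advisory, (fixed, models) in ADVISORIES.items():
        if key in models:
            try:
                outdated = parse_version(version) < parse_version(fixed)
            except ValueError:
                # Cannot compare: flag for a manual look instead of guessing.
                return ("unknown-version", advisory, fixed)
            return ("update" if outdated else "ok", advisory, fixed)
    return ("not-listed", None, None)

def audit(inventory):
    """Check every (model, version) pair and keep the input order."""
    return [(model, version) + check(model, version)
            for model, version in inventory]

# Constructed inventory for illustration; none of these are real devices.
INVENTORY = [
    ("rt-ac66u", "3.0.0.4.374_4755"),
    ("RT-AC56U", "3.0.0.4.374.5656"),
    ("RT-N16", "3.0.0.4.376.1071"),
    ("RT-N12HP", "unknown"),
    ("OTHER-MODEL", "1.0.0"),
]

if __name__ == "__main__":
    for model, version, status, advisory, fixed in audit(INVENTORY):
        print(f"{model:12} {version:18} {status:16} {advisory or '-':6} {fixed or '-'}")
```

A model reported as "not-listed" is only absent from these three advisories; it says nothing about other issues affecting that device.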