In a recent assessment of the Asus RT-N12+ B1 router conducted on February 21, 2024, a critical security vulnerability was discovered. This vulnerability, which arises from insecure credential storage practices, represents a significant risk to the security of the device and any connected networks. The vulnerability was identified during testing of the router as part of IoT product evaluation.
ASUS RT-N300 B1 Firmware version 3.0.0.4.380.10931
The vulnerability affecting the Asus RT-N12+ B1 router stems from its improper handling of user passwords. Specifically, the router stores user passwords in plaintext format rather than employing secure encryption or hashing methods. This oversight exposes sensitive authentication credentials, including usernames and passwords, in a readable and accessible format.
Impact of the Vulnerability
- This vulnerability has a substantial impact, as it exposes the Asus RT-N12+ B1 router to significant security risks.
- By storing user passwords in plaintext format, the vulnerability allows malicious actors to exploit these credentials as root-shell passwords
- Consequently, unauthorized individuals can gain access to the router’s functionalities without proper authentication.
- This unauthorized access opens the door to potential security breaches, enabling attackers to manipulate router settings, compromise network security, and potentially intercept or modify data traffic.
- Overall, the vulnerability poses a grave threat to the confidentiality, integrity, and availability of the router and the network it serves.
Timeline:
- Initial Contact: 21/2/2024 – Report submitted to Asus, outlining the vulnerability.
- Follow-up Contact 2: 28/02/2024 – First follow-up communication with Asus.
- Asus Revert Back: 05/03/2024 – Acknowledgment received from Asus.
Asus has officially declared that the RT-N12+ B1 (RT-N300 B1) router has reached the end of its product life cycle. Consequently, firmware maintenance and updates for this model were discontinued years ago. This cessation of support leaves the device vulnerable to existing security flaws within its firmware.
Asus has indicated that a beta version of the router’s firmware is now available for testing. These companies seek user feedback to evaluate if this beta version addresses any identified issues. The beta firmware can be accessed and reviewed via the following link: [link]
- Follow-up Contact 3: 01/04/2024 – Second follow-up communication with Asus.
- Asus Revert Back: 01/04/2024 – Acknowledgment received from Asus.
- Follow-up Contact 4: 02/04/2024 – Third follow-up communication with Asus.
- Asus Revert Back: 12/04/2024 – Continued follow-up communication with Asus.
Asus has indicated that upon examination, they’ve determined that the firmware size for this model is excessively large, and the product has reached the end of its life cycle, posing challenges for ongoing maintenance.
Additionally, they have provided a beta firmware version for the router firmware. They’ve requested feedback on whether the provided firmware effectively addresses the identified issues. You can access the beta firmware file through the following link:
Vulnerability Description: Plain Text Password Storage
The vulnerability in question lies in the Asus RT-N12+ B1 router’s flawed handling of user passwords, which are stored in plaintext format. This oversight creates a significant security flaw, as plaintext storage means that sensitive authentication credentials, including usernames and passwords, are stored in an easily readable and accessible format.
This opens the possibility for malicious actors to exploit the vulnerability by gaining unauthorized access to the router. With plaintext passwords, attackers can circumvent authentication mechanisms and enter the router’s system without legitimate credentials. Consequently, unauthorized individuals can manipulate router settings, compromise network security, and potentially carry out various malicious activities, posing a serious threat to the confidentiality, integrity, and availability of the router and the network it serves.
Proof-of-Concept: Identification of Plaintext Passwords
The vulnerability in the Asus RT-N12+ B1 router arises from its storage of user passwords in plaintext, a security flaw that can lead to unauthorized access. During analysis, researchers identified plaintext passwords, allowing them to successfully log in to the root shell using the default username “admin.”
This breach emphasizes the urgent need to take corrective actions to stop unauthorized access and potential compromise of devices that have been affected. The vulnerability in the Asus RT-N12+ B1 router arises from its storage of user passwords in plaintext, a security flaw that can lead to unauthorized access.
During analysis, researchers identified plaintext passwords, allowing them to successfully log in to the root shell using the default username “admin.”
Mitigation
The Insecure Credential Storage vulnerability is to avoid storing passwords in plaintext. Instead, use strong encryption techniques such as hashing and salting to protect user credentials.
TL;DR
- A critical security vulnerability in the Asus RT-N12+ B1 router was discovered, allowing unauthorized access due to storing passwords in plaintext.
- Reported to Asus on February 21, 2024, but the router is no longer supported.
- Asus released beta firmware for testing but faces challenges due to the router’s end-of-life status.
- Impact: Unauthorized access to router settings, compromising network security.
- Steps to Recreate Vulnerability: Extract firmware, analyse with tools like Binwalk and Ghidra, identify plaintext passwords, and exploit the vulnerability.
- Urgent need for remediation to prevent unauthorized access.
Redfox Security is a diverse network of expert security consultants with a global mindset and a collaborative culture. If you are looking to improve your organization’s security posture, contact us today to discuss your security testing needs. Our team of security professionals can help you identify vulnerabilities and weaknesses in your systems and provide recommendations to remediate them.
“Join us on our journey of growth and development by signing up for our comprehensive courses.”
