Asus RT-N12+ B1 Privilege Escalation (CVE-2024-28326)

Privilege escalation attacks are particularly dangerous as they allow attackers to bypass restrictions and security measures put in place to safeguard the system.

In a recent assessment, we found that Asus RT-N12+ B1 routers exhibit a severe vulnerability: they give unrestricted root terminal access via a serial interface without appropriate access control measures. This oversight enables malicious actors with physical access to the device to execute arbitrary commands with root privileges, posing a severe security risk.

Once escalated to the root level, attackers can manipulate system configurations, install malicious software, exfiltrate sensitive data, or even render the device entirely compromised, posing significant risks to both the network and the data it holds.

Credentials Stored in Cleartext

Impact

Any attacker with physical access to a router could exploit the vulnerability described in this report and gain total control of the device, potentially compromising sensitive data stored on it or transmitted over its networks.

Timeline

  • Initial Contact: 21/02/2024 – Report submitted to Asus, outlining the vulnerability.
  • Follow-up Contact 2: 28/02/2024 – First follow-up communication with Asus.
  • Asus Revert Back: 05/03/2024 – Acknowledgment received from Asus. Asus has officially declared that the RT-N12+ B1 (RT-N300 B1) router has reached the end of its product life cycle. Consequently, firmware maintenance and updates for this model were discontinued years ago. This cessation of support leaves the device vulnerable to existing security flaws within its firmware. Asus has indicated that a beta version of the router’s firmware is now available for testing, and it seeks user feedback to evaluate whether this beta version addresses the identified issues. The beta firmware can be accessed and reviewed via the following link
  • Follow-up Contact 3: 01/04/2024 – Second follow-up communication with Asus.
  • Asus Revert Back: 01/04/2024 – Acknowledgment received from Asus.
  • Follow-up Contact 4: 02/04/2024 – Third follow-up communication with Asus.
  • Asus Revert Back: 12/04/2024 – Continued follow-up communication with Asus. Asus has indicated that, upon examination, it determined that the firmware size for this model is excessively large. The product has reached the end of its life cycle, posing challenges for ongoing maintenance. Additionally, Asus has provided a beta firmware version for the router and requested feedback on whether it effectively addresses the identified issues. You can access the beta firmware file through the following link

Vulnerability Description: Privilege Escalation via Improper Credential Storage

  1. The Asus RT-N12+ B1 routers feature a UART/Serial interface on their PCB, comprising four pins: Rx (Receive), Tx (Transmit), Vcc (Voltage), and Gnd (Ground).
  2. This UART interface operates at TTL (Transistor-Transistor Logic) level and communicates at a baud rate of 57600, providing a means for debugging and system monitoring.
  3. Critically, the interface exposes a root terminal without proper access control mechanisms, so any person with physical access to the device can gain unrestricted access to its functions and potentially execute arbitrary commands.

Proof-of-Concept: Privilege Escalation via Improper Credential Storage

During our testing, we observed that upon booting the device and pressing the Enter key, log output was generated, indicative of the device’s UART functionality.

This log output confirms the presence of the vulnerability, highlighting the need for immediate action to address the lack of access control on the UART/Serial interface of the Asus RT-N12+ B1 router.

Proof of Concept

Mitigation

The mitigation for the Privilege Escalation via Improper Credential Storage vulnerability is to implement least-privilege principles and control access to sensitive interfaces.
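
One way a firmware reviewer can check for this class of issue before release, as an added example that is not part of the original report or Asus's code: the script audits a BusyBox-style `/etc/inittab` from an unpacked firmware image for terminal entries that start a shell with no login step. The inittab format, the shell list and the sample file are assumptions; the report does not say how the RT-N12+ B1 firmware starts its serial console.

```python
import os

# Assumed list of programs that hand out a shell directly, with no authentication.
SHELLS = {"sh", "ash", "bash", "dash", "hush", "msh"}
# inittab actions that attach a long-running process to a terminal.
TERMINAL_ACTIONS = {"respawn", "askfirst"}

def program_name(process):
    """Resolve what a process field runs, e.g. '-/bin/busybox sh' -> ('sh', [])."""
    argv = process.lstrip("-").split()  # a leading '-' marks a login shell in BusyBox init
    if not argv:
        return "", []
    name = os.path.basename(argv[0])
    if name == "busybox" and len(argv) > 1:  # applet invoked through the multi-call binary
        return argv[1], argv[2:]
    return name, argv[1:]

def audit_inittab(text):
    """Return (line_no, terminal, verdict) for terminal entries that skip authentication."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)  # BusyBox format: id:runlevels:action:process
        if len(fields) != 4 or fields[2] not in TERMINAL_ACTIONS:
            continue
        terminal = fields[0] or "console"  # an empty id means the system console
        name, args = program_name(fields[3])
        if name in SHELLS:
            findings.append((line_no, terminal, "shell without login"))
        elif name == "login" and "-f" in args:
            findings.append((line_no, terminal, "login -f skips authentication"))
    return findings

# Constructed sample inittab for illustration; not extracted from the Asus firmware.
SAMPLE_INITTAB = """\
::sysinit:/etc/init.d/rcS
ttyS0::respawn:/bin/sh
ttyS1::respawn:/sbin/getty -L 57600 ttyS1 vt100
::askfirst:-/bin/busybox sh
ttyS2::respawn:/bin/login -f root
"""

if __name__ == "__main__":
    for finding in audit_inittab(SAMPLE_INITTAB):
        print(finding)
```

An empty result means every terminal entry goes through a login program; it does not prove the bootloader console or other debug interfaces are locked down.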

TL;DR

Asus RT-N12+ B1 routers’ UART/Serial interface lacks access control, exposing a root terminal to unauthorized users. The UART operates at TTL level and communicates at 57600 baud, enabling debugging and system monitoring. Physical access allows unrestricted access to device functionalities, posing a risk of arbitrary command execution.

Redfox Security is a diverse network of expert security consultants with a global mindset and a collaborative culture. If you are looking to improve your organization’s security posture, contact us today to discuss your security testing needs. Our team of security professionals can help you identify vulnerabilities and weaknesses in your systems and provide recommendations to remediate them.
