ASUS RT-N13U Backdoor Account

2013.10.30
Credit: Shellster
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

The ASUS RT-N13U home router comes configured with an unsecured telnet for user "admin". Telnetting in with this user will result in a root shell. The telnet is not configurable from the web interface, nor does changing the password on the web interface's admin user make any difference. I have alerted ASUS to the problem on 10/25/13. I have been able to verify that this telnet interface is visible from both the LAN and WAN. Sincerely, Shellster

References:

http://cxsecurity.com/issue/WLB-2013090194


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top