Access restriction mechanisms in the product such as IP address or search keyword filtering are not applied to the Control Center interface, which makes it easier to access the interface of the product.
ASUS Control Center also exposes information of the local network via SNMP. An attacker can use SNMP to retrieve information such as the OS version, SNMP community, SNMP enterprise, SNMP agent host name and version, SNMP authentication, and SNMP trap destination to obtain more information about the network.
Router information such as version, administratively configured password, firmware version, and operating temperature can be obtained through SNMP. An attacker can use this information to launch further attacks on the router.
ASUS Control Center also exposes information about the local network via SNMP. An attacker can use this information to launch further attacks on the router.
ASUS Control Center is configured to allow remote management via HTTP, HTTPS, and SSH. An attacker can leverage the remote management features to gain full control of the product and install malicious code.
ASUS Control Center is configured to allow remote management via HTTP, HTTPS, and SSH. An attacker can leverage the remote management features to gain full control of the product and install malicious code.
ASUS Control Center also exposes information of the local network via SNMP
Router Information
The ASUS ROUTER LOG provides information about the router and the local network. This is accessible via SNMP. An attacker can use this information to launch further attacks on the router.
ASUS Control Center is configured to allow remote management via HTTP, HTTPS, and SSH. An attacker can leverage the remote management features to gain full control of the product and install malicious code.
Timeline
Published on: 06/20/2022 06:15:00 UTC
Last modified on: 06/27/2022 18:45:00 UTC