Intrusion Prevention

ASUS.Routers.infosvr.UDP.Broadcast.Command.Execution

Description

This indicates an attack attempt against a Command Execution vulnerability in ASUS routers.
The vulnerability is caused by an error when the infosvr service handles a malicious UDP packet. It allows a remote attacker to gain control of vulnerable systems via a crafted UDP packet.

Affected Products

ASUS RT-N66U firmware version 3.0.0.4.376_1071-g8696125
ASUS RT-AC87U firmware version 3.0.0.4.378_3754
ASUS RT-N56U firmware version 3.0.0.4.374_5656
ASUS RT-AC68U firmware version 3.0.0.4.376_3626-g9a8323e
ASUS DSL-N55U firmware version 3.0.0.4.374_4422-gc83c78f
ASUS DSL-AC68U firmware version 3.0.0.4.376_2158-g340202b
ASUS RT-AC66R firmware version 3.0.0.4.376_2524-g0013f52
ASUS RT-AC66R firmware version 3.0.0.4.376_3602
ASUS RT-AC55U firmware version 3.0.0.4.376_6587-gaa506e9
ASUS RT-N12HP_B1 firmware version 3.0.0.4.374_1327
ASUS RT-N16 firmware version 3.0.0.4.220

Impact

System Compromise: A remote attacker can gain control of vulnerable systems.

Recommended Actions

Upgrade firmware to revision 3.0.0.4.376.3754 or newer.

CVE References

CVE-2014-9583