ID
VAR-E-201310-0513
TITLE
ASUS RT-N13U Backdoor Account
Trust: 0.5
DESCRIPTION
The ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | asus | model: | rt-n13u | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
The ASUS RT-N13U home router comes configured with an unsecured telnet for user "admin".
Telnetting in with this user will result in a root shell. The telnet is not configurable from the web interface, nor does changing the password on the web interface's admin user make any difference. I have alerted ASUS to the problem on 10/25/13. I have been able to verify that this telnet interface is visible from both the LAN and WAN.
Sincerely,
Shellster
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
EXPLOIT LANGUAGE
shell
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
root
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | web | Trust: 0.5 |
| tag: | shell | Trust: 0.5 |
| tag: | root | Trust: 0.5 |
CREDITS
Shellster
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 123822 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 123822 |
LAST UPDATE DATE
2022-07-27T09:18:52.311000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 123822 | date: | 2013-10-29T12:02:22 |