The Asus DSL-N17U is a network device that usually provides wired or wireless connectivity for home users. As with many products, this network device also has software that we call firmware. The software was developed in asp language and received the latest update in 2019. The manufacturer continues to develop and update.
As a result of our researches, we found out that the Asus DSL-N17U network device with version 126.96.36.199 has the authentication bypass vulnerability in the POST parameter sent to the "Advanced_System_Content.asp" page.
How Did We Detect Asus DSL-N17U Modem Authentication Bypass Vulnerability?
As the Security For Everyone team, we regularly look for vulnerabilities in the software we have chosen to find 0-day. One of the software we chose was the Asus DSL-N17U network device's firmware, which is generally used by home users and small companies. After deciding on the application that we will look for vulnerability, we performed the following steps in turn:
We connected to the modem interface with the username/password that we determined and downloaded the firmware installed on the modem. When we opened and analyzed the source codes, we found no session or authorization control on some pages.
When we started to examine the "Advanced_System_Content.asp" page in detail, we determined that some POST request parameters sent to this page also sent the authorized admin user's password information.
We have determined that we can change the admin user's password when we change and send the parameters related to this request without logging into the admin interface with any user.
After determining the weakness, we contacted Asus, the manufacturer, and verified the weakness for the model we detected and previous ones.
Finally, we applied to Mitre and got our CVE code.
What to Do?
It is recommended by the Security For Everyone team that users with an Asus brand DSL-N17U and earlier have this network device to check the firmware versions and urgently update it to the latest firmware version.