One Million ASUS Routers Under Control: Exploiting ASUS DDNS to MITM Admin Credentials

…Notably, ASUS routers – of which around one million are exposed to the internet via port 8443/tcp (Shodan query: port:8443 os:"ASUSWRT") – display a distinct susceptibility. Investigation reveals the user-friendly “ASUS Router App” inadvertently alters router settings, making them accessible online.

Our research discovered that these routers, whether intended or not, configured via ASUS’s DDNS, are susceptible to a man-in-the-middle (MITM) attack, which we identified, enabling the theft of admin credentials…

By: Masaki Kubo, Yoshiki Mori, Kanta Okugawa

Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-23/briefings/schedule/#one-million-asus-routers-under-control-exploiting-asus-ddns-to-mitm-admin-credentials-35443