The ASUS RT-N13U router runs a telnet service by default that an attacker can log in to using the ‘admin’ username and no password. The service is reachable from both the LAN and the Internet by default.
This vulnerability allows an attacker to access the telnet service of the device using a built-in admin account that has no password, allowing the attacker unrestricted access to the device from both the LAN and Internet.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 31332 - ASUS RT-N13U Unpassworded Telnet Administrator Access (20131101) (Zero-Day)
Block external access to the telnet service of the device.