BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

ASUS RT-N13U Unpassworded Telnet Administrator Access

Disclosed October 29, 2013    Zeroday : 308 days

Vulnerability Description:

The ASUS RT-N13U router has a telnet service running by default that can be accessed by an attacker, using the ‘admin’ username and no password. This is accessible to both the LAN and Internet by default.

Vendors:

ASUS

Vulnerable Software/Devices:

ASUS RT-N13U

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Security Bypass
This vulnerability allows an attacker to access the telnet service of the device using a built-in admin account that has no password, allowing the attacker unrestricted access to the device from both the LAN and Internet.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 31332 - ASUS RT-N13U Unpassworded Telnet Administrator Access (20131101) (Zero-Day)

Mitigation:

Block external access to the telnet service of the device.

Links:

CVE(s):

None