Update available for ASUS routers that allow files to be accessible from the internet: SSO Alert Priority Moderate
25 February 2014
A vulnerability on some ASUS routers discovered in 2013, that allows anyone to access files on your network, has recently been fixed in an update.
If you have an affected ASUS router, it is recommended that you apply the firmware update immediately.
Affected router models include RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16 and RT-N16R.
Many ASUS routers come with functionality that lets you share files from external hard drives and computers, to other computers over the internet, called AiCloud. The vulnerability will allow someone to access your files via AiCloud, without a password.
Applying the firmware update to your router will address this issue.
What is a router?
A router is a device that creates and controls a network between computers, and is commonly found in homes with broadband internet. In many cases your modem is also likely to act as your router.
Routers allow multiple computers to connect to the same network, either with cables or wirelessly. Your router’s settings can be configured through a web interface called an administration panel. Routers can also protect devices on your network, dictating what sort of connections they can receive.
Updating your firmware
Please note: Updating firmware involves changing the way a device operates, and therefore the instructions need to be followed exactly. An incorrect firmware update can render your router useless, which will need technical assistance to fix. Read through the instructions before you start, and if you are unsure about a step, seek technical advice.
To obtain instructions for updating firmware for your model, navigate to www.asus.com.au.
In the search field at the top of the screen search for your model number.
Choose your router, select “Support” and then “Driver & Tools”.
Select your operating system. Then select “Firmware” from the results; choose the most recently updated firmware download available, which should be the top result.
From the Driver & Tools section you can also download the appropriate manual for your model which will include more detailed instructions for updating your firmware on a page titled “Upgrading the firmware”.
A recent Stay Smart Online Alert addressed vulnerabilities in other routers, and contains more general advice on routers and upgrading firmware. The instructions in this alert are specific to ASUS routers.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.