Configuration Hijacking in ASUS WL-330NUL Router
CVE-2013-7293

Currently unrated

Key Information:

Vendor: Asus
Status: Wl-330nul
Vendor: CVE Published:; 15 January 2014

Summary

The ASUS WL-330NUL router is susceptible to configuration hijacking due to its reliance on a DNS hostname that does not reliably resolve to the router's default IP address, 192.168.1.1. This misconfiguration allows attackers to intercept and manipulate the configuration traffic by controlling the DNS server associated with the hostname. Users may unknowingly expose their device to potential threats, as attackers can exploit this to gain unauthorized access and alter router settings.

References

http://www.securityfocus.com/bid/64799

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/191750

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Jan 14, 2014