CVE-2013-4656

9.8 CRITICAL

📋 TL;DR

This CVE describes a symlink traversal vulnerability in ASUS RT-AC66U and RT-N56U routers due to SMB service misconfiguration. Attackers can exploit this to access arbitrary files on the router's filesystem. This affects users of these specific ASUS router models with default configurations.

💻 Affected Systems

Products:
  • ASUS RT-AC66U
  • ASUS RT-N56U
Versions: All firmware versions prior to patched versions
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default SMB configuration on these models.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise allowing remote code execution, credential theft, network traffic interception, and persistent backdoor installation.

🟠

Likely Case

Unauthorized file access leading to configuration file theft, credential harvesting, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - SMB service exposed to internet by default on affected routers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit if they gain network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward using symlink traversal techniques against the SMB service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware versions after 2013 (specific version numbers vary by model)

Vendor Advisory: https://www.asus.com/support/

Restart Required: Yes

Instructions:

1. Log into router admin interface.
2. Navigate to Firmware Upgrade section.
3. Download latest firmware from ASUS support site.
4. Upload and apply firmware update.
5. Reboot router.

🔧 Temporary Workarounds

Disable SMB Service

all

Turn off the vulnerable SMB service completely

Login to router admin panel -> USB Application -> Network Place (Samba) Share -> Disable

Restrict SMB Access

all

Limit SMB service to trusted internal networks only

Login to router admin panel -> Firewall -> Access Control -> Restrict SMB ports

🧯 If You Can't Patch

  • Replace affected routers with newer models or different vendors
  • Implement strict network segmentation to isolate routers from critical assets

🔍 How to Verify

Check if Vulnerable:

Check router firmware version and compare against patched versions from ASUS advisory. Test SMB service for symlink traversal using security tools.

Check Version:

Login to router admin interface and check System Status or Firmware Version page

Verify Fix Applied:

Verify firmware version is updated to patched version. Test SMB service to confirm symlink traversal no longer works.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMB access patterns
  • Multiple failed SMB authentication attempts
  • Access to sensitive system files via SMB

Network Indicators:

  • SMB traffic to router from external sources
  • Unusual port 445/tcp activity to router

SIEM Query:

source_ip=external AND dest_ip=router_ip AND dest_port=445 AND protocol=SMB
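
The network indicators and query above, worked through as detection logic over flow records. This is an added example, not part of the original entry; the router address, trusted range, log line format and sample lines are constructed assumptions.

```python
import ipaddress

# Assumptions for this example (not from the advisory): the router address,
# the trusted internal range, and the flow-log line format.
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
SMB_PORT = 445

# Constructed sample lines:
# timestamp src_ip src_port dst_ip dst_port proto action
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 192.168.1.23 50112 192.168.1.1 445 tcp ACCEPT
2024-01-01T10:00:05Z 203.0.113.7 41022 192.168.1.1 445 tcp ACCEPT
2024-01-01T10:00:09Z 203.0.113.7 41023 192.168.1.1 443 tcp ACCEPT
2024-01-01T10:00:12Z 198.51.100.9 55321 192.168.1.1 445 tcp DROP
2024-01-01T10:00:15Z 203.0.113.7 41030 192.168.1.20 445 tcp ACCEPT
malformed line
2024-01-01T10:00:20Z 203.0.113.7 41031 192.168.1.1 445 udp ACCEPT
"""

def is_external(ip):
    """True when the address is outside every trusted internal range."""
    return not any(ip in net for net in TRUSTED_NETS)

def find_external_smb(lines):
    """Return one alert per flow from an external source to the router on 445/tcp."""
    alerts = []
    for raw in lines.splitlines():
        fields = raw.split()
        if len(fields) != 7:
            continue  # skip malformed records instead of failing the whole run
        ts, src, _sport, dst, dport, proto, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if (dst_ip == ROUTER_IP and port == SMB_PORT
                and proto.lower() == "tcp" and is_external(src_ip)):
            # An accepted flow means the SMB service was reachable; a drop is informational.
            severity = "high" if action == "ACCEPT" else "info"
            alerts.append({"time": ts, "src": src, "action": action, "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_external_smb(SAMPLE_FLOWS):
        print(alert)
```

An accepted external flow is the case to act on first, since it shows the SMB service answering outside the trusted range.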
