CVE-2023-47678 – An improper access control vulnerability in ASU... (How to Fix)

Q: What is the severity of CVE-2023-47678?

CVE-2023-47678 has a CVSS score of 9.1 (CRITICAL). An improper access control vulnerability in ASUS RT-AC87U routers allows attackers to read or write files via TFTP connections. This affects all versions of the RT-AC87U router. Attackers can potentially access sensitive files or modify system files without authentication.

📋 TL;DR

An improper access control vulnerability in ASUS RT-AC87U routers allows attackers to read or write files via TFTP connections. This affects all versions of the RT-AC87U router. Attackers can potentially access sensitive files or modify system files without authentication.

💻 Affected Systems

Products:

ASUS RT-AC87U

Versions: All versions

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: This router is End-of-Life (EOL) and no longer receives security updates from ASUS.

📦 What is this software?

Rt Ac87u Firmware by Asus

View all CVEs affecting Rt Ac87u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise including credential theft, persistent backdoor installation, and network-wide access to connected devices.

🟠

Likely Case

Unauthorized file access leading to configuration theft, credential harvesting, or limited file modification.

🟢

If Mitigated

No impact if TFTP access is properly restricted or disabled.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they gain network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires TFTP access to the router, which may be enabled by default or through specific configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: https://www.asus.com/event/network/EOL-product/

Restart Required: No

Instructions:

No official patch available. The device is End-of-Life. Consider replacement or workarounds.

🔧 Temporary Workarounds

Disable TFTP Service

all

Disable the TFTP service on the router to prevent exploitation.

Access router admin interface > Administration > System > Enable TFTP Server: Disable

Restrict TFTP Access

all

Configure firewall rules to restrict TFTP access to trusted IP addresses only.

Access router admin interface > Firewall > General > Add rules to block TFTP (port 69) from untrusted sources

🧯 If You Can't Patch

Replace the router with a supported model that receives security updates
Isolate the router in a separate network segment with strict access controls

🔍 How to Verify

Check if Vulnerable:

Check if TFTP service is enabled on port 69: Use 'nmap -p 69 <router_ip>' or attempt TFTP connection to the router.

Check Version:

Log into router admin interface > Administration > Firmware Upgrade to see current version

Verify Fix Applied:

Verify TFTP service is disabled: Attempt TFTP connection to port 69 should fail. Check router admin interface TFTP settings.

📡 Detection & Monitoring

Log Indicators:

Unusual TFTP connection attempts in router logs
File access/modification events via TFTP

Network Indicators:

TFTP traffic to router on port 69 from unexpected sources
Multiple failed TFTP connection attempts

SIEM Query:

source="router_logs" AND (tftp OR port_69) AND (access OR connection)

📊 Metadata

CVE ID: CVE-2023-47678

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Published: November 15, 2023

Last Updated: November 21, 2024

🔗 References

https://jvn.jp/en/vu/JVNVU96079387/ Third Party Advisory
https://www.asus.com/event/network/EOL-product/ Product
https://www.asus.com/support/ Not Applicable
https://jvn.jp/en/vu/JVNVU96079387/ Third Party Advisory
https://www.asus.com/event/network/EOL-product/ Product
https://www.asus.com/support/ Not Applicable

📤 Share & Export

📄 Export Markdown 📋 Export JSON