CVE-2024-28327
📋 TL;DR
The Asus RT-N12+ B1 router stores user passwords in plaintext, allowing local attackers with physical or network access to read credentials and gain unauthorized administrative access. This affects all users of this specific router model who haven't applied security patches.
💻 Affected Systems
- Asus RT-N12+ B1
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control of the router, enabling them to modify DNS settings, intercept traffic, install malware, or lock legitimate users out of the device.
Likely Case
Local network attackers or anyone with brief physical access can extract passwords and change router settings, potentially redirecting traffic or compromising connected devices.
If Mitigated
With proper network segmentation and physical security, risk is limited to authorized users who might abuse their access, but the vulnerability remains present.
🎯 Exploit Status
Exploitation requires local access (physical or network) to read stored credentials, but the technique is simple once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Asus support for latest firmware
Vendor Advisory: http://asus.com
Restart Required: Yes
Instructions:
1. Log into router admin interface. 2. Navigate to Firmware Upgrade section. 3. Download latest firmware from Asus support site. 4. Upload and apply firmware update. 5. Reboot router after update completes.
🔧 Temporary Workarounds
Change default admin password
allChange the router's admin password to a strong, unique password that isn't reused elsewhere.
Enable WPA3/WPA2 encryption
allUse strong wireless encryption to prevent unauthorized network access that could lead to credential extraction.
🧯 If You Can't Patch
- Replace the router with a model that properly encrypts credentials
- Isolate the router on a separate network segment to limit potential damage
🔍 How to Verify
Check if Vulnerable:
Check if router model is Asus RT-N12+ B1 and firmware hasn't been updated recently. Physical inspection or accessing admin interface shows model info.Check Version:
Log into router admin interface and check Firmware Version in System Status or similar section.Verify Fix Applied:
After firmware update, verify version is latest from Asus support site and test that password changes are properly handled.📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login from unusual IP
- Configuration changes from unexpected sources
Network Indicators:
- DNS settings changed unexpectedly
- New port forwards or firewall rules added
SIEM Query:
source="router_logs" AND (event="admin_login" AND src_ip NOT IN [authorized_ips]) OR (event="config_change" AND user!="legitimate_admin")