Administrator auto-logout design flaw in ASUS wireless routers

Posted by David Longenecker on Jan 20

ASUS wireless routers have an optional feature (beginning with firmware
3.0.0.4.374_5656, dated April 2014) to log the administrator out after a
period of idle time. While there are scenarios where you might want to keep
an idle logged-in session, remaining logged in makes it possible for a
malicious hacker to use that session by tricking the user into clicking a
link.

Models based on the ASUSWRT firmware up to and including the most recent…
