The Asus WL530g access point has a telnet service enabled with no authentication required.
Anyone who telnets to the access point gets a Sash command shell immediately.
Whenever the administrator saves or exports the AP's settings, a copy of the file is stored in the /tmp/settings directory, which is visible from inside that shell.
Thus, anyone can read the file and obtain the web admin login credentials, PPPoE credentials, WEP/WPA keys and other configuration information.
Asus has released a newer version of the firmware that removes this service, but they did not mention this vulnerability.
I would recommend anyone who is using this AP to upgrade their firmware ASAP.
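
One way to confirm, on an AP you administer, that the firmware upgrade really removed the open telnet service. This is an added example, not part of the original post: the prompt markers and the two sample banners are constructed assumptions, not captured from a WL530g, and `check_ap` is a hypothetical helper name.

```python
import socket

IAC, SB, SE = 255, 250, 240                              # telnet command bytes
LOGIN_MARKERS = (b"login:", b"username:", b"password:")  # assumed login prompt texts
SHELL_ENDINGS = (b">", b"#", b"$")                       # assumed shell prompt endings
# Constructed sample banners (not captured from a real device).
SAMPLE_OPEN = bytes([255, 251, 1, 255, 251, 3]) + b"\r\nSash command shell\r\n/> "
SAMPLE_LOGIN = bytes([255, 253, 24]) + b"\r\nWL530g login: "

def strip_iac(data: bytes) -> bytes:
    """Drop telnet option negotiation so only the visible banner text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break                                # truncated command at end of buffer
        elif data[i + 1] == IAC:
            out.append(IAC)                      # escaped literal 0xFF
            i += 2
        elif data[i + 1] == SB:                  # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif data[i + 1] in (251, 252, 253, 254):  # WILL / WONT / DO / DONT + option
            i += 3
        else:
            i += 2                               # other two-byte commands
    return bytes(out)

def classify_banner(data: bytes) -> str:
    """Classify the first bytes a telnet service sends before any input."""
    text = strip_iac(data).lower().rstrip()
    if any(marker in text for marker in LOGIN_MARKERS):
        return "login-required"
    if text.endswith(SHELL_ENDINGS):
        return "unauthenticated-shell"           # prompt offered with no login step
    return "unknown"

def check_ap(host: str, port: int = 23, timeout: float = 3.0) -> str:
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)              # read the banner only, send nothing
            except socket.timeout:
                data = b""
    except OSError:
        return "telnet-closed"                   # expected result after the upgrade
    return classify_banner(data)
```

After upgrading, `check_ap("<AP address>")` should return `telnet-closed`; any other result means the service is still listening and the device needs another look.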
