asus

4 articles
0 5/10

A researcher discovered an RCE vulnerability on ASUS's RMA portal by bypassing front-end file upload restrictions and uploading an ASP shell to the predictable /uploads directory on IIS 8.5. The vulnerability was patched after disclosure, though the researcher experienced poor communication from ASUS and had to persist to be added to their Hall of Fame.

ASUS rma.asus-europe.eu Mustafa Kemal Can Microsoft-IIS 8.5
mustafakemalcan.com · devanshbatham/Awesome-Bugbounty-Writeups · 17 hours ago · details
0 3/10
vulnerability

A reflected XSS vulnerability was discovered in ASUS's press subdomain (press.asus.com/search) via an unsanitized search parameter, exploited with a basic script injection payload, and resolved within 13 days of responsible disclosure.

ASUS Thejus Krishnan press.asus.com
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 17 hours ago · details
0 5/10

Researchers discovered KadNap, a botnet of 14,000+ Asus routers using Kademlia-based peer-to-peer distributed hash tables for decentralized command-and-control, making it highly resistant to traditional takedown methods while serving as infrastructure for the Doppelganger anonymous proxy service.

KadNap Black Lotus Labs Lumen Chris Formosa Steve Rudd Asus Kademlia Doppelganger BitTorrent IPFS
arstechnica.com · Brajeshwar · 2 days ago · details · hn
0 4/10

KadNap, a takedown-resistant botnet infecting ~14,000 routers (primarily Asus models), uses a Kademlia-based peer-to-peer architecture with distributed hash tables for command-and-control evasion. The compromised devices are conscripted into the Doppelganger proxy service to anonymously tunnel cybercriminal traffic.

KadNap Black Lotus Labs Chris Formosa Steve Rudd Asus Kademlia Doppelganger Lumen BitTorrent IPFS
arstechnica.com · mikelgan · 2 days ago · details · hn