Off-by-One Conference 2025

When ASUS IoT Devices Play Hide-and-Seek with Security: A Vulnerability Adventure

swing, chumen77, fxc233 | Day 1, 4:05pm - 4:50pm

Abstract

Asus, as a leading consumer electronics manufacturer, offers a wide range of IoT devices, but its router products have historically faced significant challenges in security, including critical vulnerabilities such as the cfgserver issue in the Tianfu Cup and the httpd authentication bypass vulnerability. These incidents reveal potential shortcomings in the security design of ASUS router products.

This presentation will provide a systematic attack surface analysis of ASUS router devices, focusing on a review of some key historical vulnerabilities and a deep dive into the lighttpd component within the aicloud service to identify potential security risks. Our analysis will cover multiple vulnerabilities and their associated remote code execution (RCE) vulnerability chains, assess their impact scope and potential consequences, and offer recommendations for future improvements.

The Speaker(s)

swing

WeiMing Shi (@swing) is a security researcher from Chaitin Tech. His work primarily focuses on the discovery and exploitation of vulnerabilities, with research interests spanning a wide range of areas, including but not limited to the Internet of Things (IoT) and network security application. He has discovered multiple vulnerabilities in products from major vendors such as Cisco, ASUS, Huawei, Xiaomi and has received acknowledgments.

chumen77

GaoJu Yang (@chumen77) is a security researcher, primarily focusing on vulnerability discovery and exploitation, continuously honing and enhancing his skills. Currently, his main focus is on the security of embedded devices. He has discovered multiple RCE vulnerabilities in various smart devices and has received acknowledgments from multiple manufacturers. He has also presented topics at HITB.

fxc233

He is a senior from X1cT34m Team at Nanjing University of Posts and Telecommunications, mainly focuses on the IOT security and protocol security. He has found and reported many vulnerabilities in IoT devices, and has won multiple awards in related competitions as a member of ChaMd5.