Asus Recommends Factory Reset to Remove SSH Backdoor
By Netvora Tech News
Asus is advising thousands of owners of compromised routers to perform a factory reset and subsequently set a minimum 10-character administrator password to remove an SSH backdoor installed by attackers. This is the only method to remove the SSH backdoor, which was added to nearly 9,000 Asus routers by attackers last week. According to security firm GreyNoise, the backdoor allows remote access to the router using a custom port (TCP/53282) and a public key. The backdoor is stored in non-volatile memory (NVRAM) and is not removed during firmware updates or reboots. The attack exploited an older vulnerability, identified as CVE-2023-39780, which enables command injection. GreyNoise previously advised affected router owners to perform a factory reset, and now Asus is echoing this recommendation to PCMag. In addition, the company suggests using an administrator password of at least 10 characters. Asus also notes that end-of-life devices, which no longer receive security updates, remain "still safe to use." However, the company recommends using the latest firmware, setting a strong password, and disabling remote access features, such as SSH, DDNS, AiCloud, or Web Access, from the WAN side. **Recommendations for Affected Router Owners:**
- Perform a factory reset to remove the SSH backdoor
- Set a minimum 10-character administrator password
- Use the latest firmware
- Set a strong password
- Disable remote access features from the WAN side
Comments (0)
Leave a comment