Multiple vulnerabilities affecting several ASUS

The affected ASUS routers suffer from insecure default configuration for Anonymous users, once anonymous access in enabled. Write access is enabled for all directories in the attached storage by default. Furthermore, the administrator is not able to restrict read or write access for any specific directories on attached storage devices
Affected Vendor: ASUS - http://www.asus.com/au/Networking/Wireless-Routers-Products/
Affected Device: Multiple - including: RT-AC3200
Affected Version: Multiple - including: 3.0.0.4.378_7838
Issue type: Multiple Vulnerabilities
Release Date: 14 Apr 2016
Discovered by: T.J. Acton
Issue status: Vendor patch available at
http://www.asuswrt.net/2016/03/30/asus-release-beta-firmware-for-acn-router 

Summary 

ASUS produces a suite of mid to high-end consumer-grade routers. The RT-AC3200 is confirmed to be affected, and the following devices are assumed to be affected:
TM-AC1900RT-AC3200RT-AC87URT-AC68URT-AC68PRT-AC68RRT-AC68WRT-AC66RRT-AC66WRT-AC66URT-AC56URT-AC51U RT-N18U 
top
BAE Systems, Threat Research Team 20 April 2016