Multiple vulnerabilities affecting several ASUS

The affected ASUS routers suffer from insecure default configuration for Anonymous users, once anonymous access in enabled. Write access is enabled for all directories in the attached storage by default. Furthermore, the administrator is not able to restrict read or write access for any specific directories on attached storage devices
Affected Vendor: ASUS -
Affected Device: Multiple - including: RT-AC3200
Affected Version: Multiple - including:
Issue type: Multiple Vulnerabilities
Release Date: 14 Apr 2016
Discovered by: T.J. Acton
Issue status: Vendor patch available at 


ASUS produces a suite of mid to high-end consumer-grade routers. The RT-AC3200 is confirmed to be affected, and the following devices are assumed to be affected:
BAE Systems, Threat Research Team 20 April 2016