Asus RT-N66U - CSRF Vulnerability

EDB-ID: 28652 CVE: N/A OSVDB-ID: 98455
Verified: Author: cgcai Published: 2013-09-30
Download Exploit: Source Raw Download Vulnerable App: N/A
Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution
Google Dork: N.A.
Date: 30 September 2013
Exploit Author: cgcai (
Vendor Homepage:
Software Link:
Tested on: N.A.
CVE: Pending

The Asus RT-N66U is a home wireless router. Its web application has a CSRF vulnerability that allows an attacker to execute arbitrary commands on the target device.

Exploitable URL:
The parameter "SystemCmd" in the URL below causes the device to execute arbitrary commands. (The value encoded in the example is `nvram show`)

The URL should be submitted as a `GET` request.

Console output can be observed by sending a `GET` request to `` after calling the URL above, if so desired.

The URLs above are protected with HTTP Basic Access Authentication. If a victim has logged in to the router recently, the exploit will work without further intervention. Otherwise, attackers can try supplying default credenitals in the URL.