New Zealand ADSL Mailing List


Asus AAM6000EV ADSL Router Wide Open

From: Kerry Thompson <kerry_at_crypt.gen.nz>
Date: Tue, 15 Jul 2003 11:02:13 +1200 (NZST)
Message-ID: <1613.202.27.185.71.1058223733.squirrel@www.crypt.gen.nz>

This was just posted on BugTraq. I believe there's a few of these ASUS
routers in NZ.

Kerry.

----
Subject: Asus AAM6000EV ADSL Router Wide Open
From: cw <security@fidei.co.uk>
Date: Tue, July 15, 2003 6:45
To: <bugtraq@securityfocus.com>
Priority: Normal

Asus have been notified but haven't even acknowledged, let alone mentioned
a fix.

If the inbuilt webserver is activated, anyone on the local network can get
the full user/pass list from the router without any identification
whatsoever by going to the IP address of the router and appending
/userdata

Example, say the IP address is 192.168.0.1, go to:
http://192.168.0.1/userdata

This will output the contents of the userdata file which contains completely
unencrypted usernames and passwords. There are plenty of other files that
can be accessed with this trick. I haven't looked at the content of them so
I don't know what else you can do.

This security flaw arises because the webserver on the router is mapped to
index.html which provides a link to /secure/Home.htm
You are not prompted for a password until you attempt to access files
under /secure

Telnet to the router, enter the user mode console and then type "flashfs"
Type ls to see all configuration files accessible through this flaw.
----
-- 
Kerry Thompson, CCNA CISSP
Information Systems Security Consultant
http://www.crypt.gen.nz  kerry@crypt.gen.nz
Received on Tue Jul 15 11:02:21 2003
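
The access-control gap described in the BugTraq post above, modelled as an added example that is not part of the original message and is not the router's firmware code. It contrasts a "protect only /secure" rule with a default-deny allowlist; the function names, the allowlist and the sample request paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Paths named in the advisory. The firmware's routing code is not on the page,
# so both rules below are models (assumptions), not the router's implementation.
PUBLIC_ALLOWLIST = {"/", "/index.html"}
PROTECTED_ROOT = "/secure"


def normalize(url_path: str) -> str:
    """Decode and collapse a request path so the check sees what the file layer sees."""
    path = unquote(urlsplit(url_path).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def needs_auth_prefix_only(url_path: str) -> bool:
    """Behaviour the advisory describes: a password is required only under /secure."""
    path = normalize(url_path)
    return path == PROTECTED_ROOT or path.startswith(PROTECTED_ROOT + "/")


def needs_auth_default_deny(url_path: str) -> bool:
    """Hardened model: every path requires auth unless it is explicitly public."""
    return normalize(url_path) not in PUBLIC_ALLOWLIST


def audit(paths):
    """Paths the prefix-only rule serves unauthenticated but default-deny protects."""
    return [p for p in paths
            if not needs_auth_prefix_only(p) and needs_auth_default_deny(p)]


if __name__ == "__main__":
    # Constructed request list: files named in the advisory plus two spellings
    # of the same file, to show the check runs on the normalized path.
    sample = ["/", "/index.html", "/secure/Home.htm", "/userdata",
              "/secure/../userdata", "/%75serdata"]
    for p in sample:
        print(f"{p:22} prefix-only={needs_auth_prefix_only(p)!s:5} "
              f"default-deny={needs_auth_default_deny(p)}")
    print("unprotected under prefix-only rule:", audit(sample))
```

Running the audit over a device's full file listing (the post mentions `ls` under `flashfs`) shows every file that a prefix-only rule leaves readable without a password.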
