Friedrich Postelstorfer

**Name of the Vulnerable Software and Affected Versions** ASUS WRT firmware versions 3.0.0.4.376 1071 through 3.0.0.376.2524-g0013f52 **Description** The issue allows remote attackers to bypass authentication and execute arbitrary commands. This is achieved by sending a NET CMD ID MANU CMD packet to UDP port 9999, due to improper checking of the MAC address for a request. **Recommendations** For versions 3.0.0.4.376 1071 through 3.0.0.376.2524-g0013f52, consider restricting access to UDP port 9999 to minimize the risk of exploitation. As a temporary workaround, avoid using the NET CMD ID MANU CMD packet until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.