An unknown group has a list with more than ten thousand ip-addresses published of Asus routers with vulnerable ftp client. Also the logins of the AirCloud-inlogdienst are released. The publication would have been done to Asus putting pressure on the holes quickly close it.
According to the group, which consists of eight anonymous internet users, contain various router models from the RT-series of Asus is a number of security holes and default settings that the manufacturer has long been known, but still not his poem. Reference here is made to a posting of SecurityFocus in June in which several vulnerabilities are addressed. To enable Asus with the option for ftp access by default, anonymous access, allowing any internet user to easily the content of, for example, a connected hard drive can be read. A second error is that the AirCloud-server with the necessary user names and password, writes in an unencrypted text file that also is to download.
Because Asus according to the group these issues are still hardly would have solved it is there to protest a torrent file posted online with sensitive data, including almost 13,000 ip addresses to a vulnerable Asus router refer. Also, there are directory listings to find, which are accessed via the anonymous ftp-access of the router firmware, as well as logindata for AiCloud.
Although the group acknowledges that with the publication of this data, innocents could be hit, they argue that the end justifies the means: this might be the only way companies are enough to shake up the security issues actually resolve and the security of products that their customers decline to take seriously. Asus has a number router models but with firmware updates that the cited security issues would resolve. The user should, however, be the necessary steps to convert to the update.