"ASUS Home Router Bugs Open Consumers to Snooping Attacks"

Researchers at Trustwave have discovered two flaws in ASUS routers that allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router.  The bugs are found in the RT-AC1900P whole-home Wi-Fi model, within the router’s firmware update functionality.  The first issue (CVE-2020-15498) stems from a lack of certificate checking.  The second bug (CVE-2020-15499) is a cross-site scripting (XSS) vulnerability in the Web Management interface related to firmware updates.  ASUS has issued patches for the bugs, and owners are urged to apply the updates as soon as possible.  

Threatpost reports: "ASUS Home Router Bugs Open Consumers to Snooping Attacks"