ASUSWRT Information Disclosure on update_applist.asp
ASUSWRT is the firmware that ships with modern ASUS routers. ASUSWRT has a web-based interface, so it needs no separate app and does not restrict what you can change from mobile devices; you get full access to everything, from any device that can run a web browser.
An unauthenticated user can request http://<ROUTERIP>/update_applist.asp to see whether a USB device is attached to the router and whether there are apps installed on the router.
Although knowing whether USB storage is attached to the device may not seem like a vulnerability, it lets an attacker learn more about the router.
The information can be seen when you view the source for the
The vendor has acknowledged the issue and issued a firmware update to correct it.