Unauthenticated users can rip unsalted passwords from Asus routers.
Critically, pwning the high-end consumer routers requires users to enable anonymous access to FTP servers.
Thanks to an insecure default configuration, users can access all sensitive parts of the system, including unsalted passwords, with no possibility of restrictions being implemented.
Hackers at BAE Systems say some 13 ASUS routers are assumed to be affected, with the tri-band AC3200 model confirmed.
Patches are available and a proof of concept to steal root passwords and spawn a shell has been published.