MorphZone

ASUS router vulnerabilities

Piru

# 1
MorphOS Developer

Posts: 587 from 2003/2/24

From: finland, the l...

Hello,

This is somewhat OT but still I'm fairly sure that might cover several users here, too. Several critical vulnerabilities have been found from ASUS home routers.

The recommended action is to upgrade to the latest firmware update available from ASUS (version 3.0.0.4.374.4422 or later).

See details here:
https://sintonen.fi/advisories/asus-router-auth-bypass.txt

The same update also fixes other critical vulnerabilities, discussed here:
http://seclists.org/bugtraq/2013/Jul/87
»21.02.14 - 15:19

clr666

# 2
Butterfly

Posts: 85 from 2008/7/8

From: Russia

My Asus RT-N16 successfully updated :)
_______________
wintel free
»21.02.14 - 16:47

Intuition

# 3
Paladin of the Pegasos

Posts: 1110 from 2013/5/24

From: Nederland

Using one of these alternative firmwares if your router is supported might be a good idea.

https://openwrt.org/
https://secure.dd-wrt.com/site/
http://www.polarcloud.com/tomato
http://tomatousb.org/

I'm no security professional though so I defer to Piru's knowledge.
1.67GHz 15" PowerBook G4, 1GB RAM, 128MB Radeon 9700M Pro, 64GB SSD, MorphOS 3.15

2.7GHz DP G5, 4GB RAM, 512MB Radeon X1950 Pro, 500GB SSHD, MorphOS 3.9
»21.02.14 - 17:56

Piru

# 4
MorphOS Developer

Posts: 587 from 2003/2/24

From: finland, the l...

Quote:

Intuition wrote:
Using one of these alternative firmwares if your router is supported might be a good idea.

Indeed. The only problem with them is that they're not very end user friendly.
»21.02.14 - 18:26

Intuition

# 5
Paladin of the Pegasos

Posts: 1110 from 2013/5/24

From: Nederland

Quote:

Piru wrote:
Quote:

Intuition wrote:
Using one of these alternative firmwares if your router is supported might be a good idea.

Indeed. The only problem with them is that they're not very end user friendly.

Very true, though I've had dd-wrt on my tp-link router for a couple of years and it took a bit of pain to initially configure but pretty much takes care of itself now.
1.67GHz 15" PowerBook G4, 1GB RAM, 128MB Radeon 9700M Pro, 64GB SSD, MorphOS 3.15

2.7GHz DP G5, 4GB RAM, 512MB Radeon X1950 Pro, 500GB SSHD, MorphOS 3.9
»21.02.14 - 18:35

Intuition

# 6
Paladin of the Pegasos

Posts: 1110 from 2013/5/24

From: Nederland

http://lifehacker.com/how-to-supercharge-your-router-with-dd-wrt-508138224
1.67GHz 15" PowerBook G4, 1GB RAM, 128MB Radeon 9700M Pro, 64GB SSD, MorphOS 3.15

2.7GHz DP G5, 4GB RAM, 512MB Radeon X1950 Pro, 500GB SSHD, MorphOS 3.9
»28.04.14 - 07:33

Jupp3

# 7
Paladin of the Pegasos

Posts: 1193 from 2003/2/24

From: Helsinki, Finland

Quote:

The only problem with them is that they're not very end user friendly.

Of course that highly depends on the user

I find it much more user friendly to be able to write f.ex. port forwarding rules to specific files with a text editor, with any amount of comments I like, rather than "trying to squeeze the same information into few html text boxes" (minus comments, usually...)

And official firmwares are hardly ever very user friendly to begin with (assuming you want anything more complex than "being able to access facebook with browser" or such). Documentation is usully really bad, and wastes >50% of available pages on "How to get any internet connection working on Windows XP".

Last time I was using asus router, I couldn't figure out how to enter port forwarding rules. Only got highly informative error message "Port X is not a valid port." for which ever port number I entered. Of course I carefully picked the model so it would work with OpenWRT (unlike my previous Linksys WRT54g, which had to be manually rebooted twice a week, or it would slow down, and eventually stop working at all) - I installed it, and that was SO much easier, but definitely needs some "unix knowledge", if you have it and like it, you're at home. Of course unofficial firmwares also have html interfaces aswell.
»30.04.14 - 17:53