SmallNetBuilder Forums
#11
01-30-2013, 08:55 PM
RMerlin

Quote:
Originally Posted by Bagman View Post
I just installed Java and the Rapid 7 scan test. It identifies my RT-N66U running the latest Merlin beta as a UPnP device, but says it's not exploitable. I get the same results as KevTech does in the link in the post above.

Maybe Asus has patched the vulnerability even though they've patched to the older UPnP 1 that is listed as vulnerable?

That wouldn't surprise me. They do a lot of upstream backporting. That means minimal risk of breaking something, unlike if they were to fully upgrade the whole software.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.
#12
01-31-2013, 10:49 PM
sfx2000

This goes well beyond just ASUS...

http://forums.smallnetbuilder.com/showthread.php?t=9720

sfx
#13
02-01-2013, 12:38 AM
RMerlin

Quote:
Originally Posted by sfx2000 View Post
This goes well beyond just ASUS...

http://forums.smallnetbuilder.com/showthread.php?t=9720

sfx

Just to reiterate: Asuswrt is NOT vulnerable. In fact, it doesn't even use the mentioned UPnP stack, but relies on Miniupnpd.

This is (IMHO) another security research company trying to blow out of proportion a security hole that only affects certain routers, and failing to actually mention which ones are affected. Not every router out there runs the Broadcom stack (and some don't even use Broadcom).
#14
02-02-2013, 08:46 AM
MintyTrebor

For those who want independent confirmation, or who also run other model routers, the Shields Up firewall testing service @ www.grc.com, has been updated to incorporate a probe for these vulnerabilities (no install or registration required, all done from a web page).

It also includes a link to a Security Now podcast which explains the issue, for those who want more info.