SmallNetBuilder Forums
#1 Bagman, 01-30-2013, 06:59 AM
UPNP Security flaw.

From this article:

Quote:
Tens of millions of network-enabled devices including routers, printers, media servers, IP cameras, smart TVs and more can be attacked over the Internet because of dangerous flaws in their implementation of the UPnP (Universal Plug and Play) protocol standard, security researchers from Rapid7 said Tuesday in a research paper.
Quote:
Eight remotely exploitable vulnerabilities have been identified in the Portable UPnP SDK, including two that can be used for remote code execution, the researchers said.
RT-N66U, RT-AC66U and other Asus routers are exposing SOAP to the internet according to this list.

Is Merlin's build vulnerable, and can you do a quick fix by updating to the newer versions of miniUPnP and UPnP?

#2 octopus, 01-30-2013, 09:50 AM

Quote:
Originally Posted by Bagman View Post
From this article:

RT-N66U, RT-AC66U and other Asus routers are exposing SOAP to the internet according to this list.

Is Merlin's build vulnerable, and can you do a quick fix by updating to the newer versions of miniUPnP and UPnP?
http://www.linksysinfo.org/index.php...concern.67960/

#3 dannytill, 01-30-2013, 10:37 AM

Quote:
Originally Posted by octopus View Post
Does this mean we don't have to worry since our firmware is a fork based off tomato?

#4 RMerlin, 01-30-2013, 11:00 AM

Asuswrt still uses an older version of Miniupnpd (1.4, versus the 1.6 version used by Tomato). Tomato only upgraded theirs after Asuswrt had forked from them.

I started looking at upgrading miniupnpd, but my first attempt at going all the way to 1.7 didn't work too well (I need to upgrade it through patching, since Asuswrt's version is somewhat customized versus the original version, and the resulting patched tree would have many build issues).

I'll see into getting it upgraded for the next build 24 beta, so it can get good testing at the same time.
__________________
Asuswrt-Merlin: Customized firmware for Asus routers
Github: github.com/RMerl - Twitter: RMerlinDev
See the sticky post for more info.

#5 Bagman, 01-30-2013, 11:18 AM

Quote:
Originally Posted by RMerlin View Post
I'll see into getting it upgraded for the next build 24 beta, so it can get good testing at the same time.
Thanks for looking into this Merlin. Now that all the info about these loopholes is out in the open, it seems like only a matter of time before they are targeted by worms/viruses. If you can upgrade the problem components and keep our routers secure, it's just another (major) reason why your firmware is better than the Asus firmware.

#6 Nerre, 01-30-2013, 12:35 PM

But does the miniUPnP issue mean it is vulnerable against external attacks or just attacks from the inside?

I thought external attacks would be prevented by sufficient iptables rules?

#7 Bagman, 01-30-2013, 02:06 PM

Quote:
Originally Posted by Nerre View Post
But does the miniUPnP issue mean it is vulnerable against external attacks or just attacks from the inside?

I thought external attacks would be prevented by sufficient iptables rules?
Read the article - external attacks because the default IPtables rules are not adequately implemented.

What annoys me is some of this stuff has been fixed for years, but big companies like Asus (who should know better) are still using code from 2008. All they have to do is update the relevant modules with ones that are now available.

#8 RMerlin, 01-30-2013, 05:54 PM

Quote:
Originally Posted by Bagman View Post
Read the article - external attacks because the default IPtables rules are not adequately implemented.

What annoys me is some of this stuff has been fixed for years, but big companies like Asus (who should know better) are still using code from 2008. All they have to do is update the relevant modules with ones that are now available.
At this point, it's unsure if Asuswrt is vulnerable or not. While Asus runs an older miniupnpd, they tend to regularly backport security fixes from upstream, so it's possible they might have patched that flaw already.

Again: unless someone actually tests it, it's unsure if it's vulnerable or not. I just want to play it safe on my end, and try to get miniupnpd upgraded to at least version 1.6 (I'll port the Tomato version if needs be, since I don't think Asus has done many changes since the original fork from Tomato).

#9 got_milk, 01-30-2013, 06:06 PM

Quote:
Originally Posted by RMerlin View Post
At this point, it's unsure if Asuswrt is vulnerable or not. While Asus runs an older miniupnpd, they tend to regularly backport security fixes from upstream, so it's possible they might have patched that flaw already.
Whether miniupnpd itself is vulnerable or not I'm not sure yet, but it doesn't appear that Asuswrt exposes miniupnpd to the WAN interface (some probing from an external server using nmap shows no responses to my attempts). Even if miniupnpd were vulnerable to such attacks, they would definitely require access to the internal LAN to start, and if you have access to the internal LAN, why would you need to exploit miniupnpd.

This post also seems to indicate that Asus has patched miniupnpd to fix these vulnerabilities.
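
A minimal check along the lines of the external probing got_milk describes, added here as an example (not code from the thread, Rapid7 or Asuswrt-Merlin): it sends one SSDP M-SEARCH to an address of a router you administer and reports whether anything answers and which MiniUPnPd version the SERVER header advertises. The function names, the constructed SAMPLE reply and the default comparison against 1.6 (RMerlin's upgrade goal, not a verified fixed version) are assumptions.

```python
import re
import socket
# Unicast SSDP discovery request; %s is filled with the address being checked.
M_SEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: %s:1900\r\n"
            b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n')

# Constructed sample reply for offline use (not captured from a real router).
SAMPLE = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
          b"SERVER: Linux/2.6.22 UPnP/1.0 MiniUPnPd/1.4\r\n\r\n")

def parse_ssdp_response(data):
    """Split an SSDP reply into its status line and lower-cased headers."""
    lines = data.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "headers": headers}

def miniupnpd_version(server_header):
    """Return the MiniUPnPd version from a SERVER header as a tuple, or None."""
    m = re.search(r"miniupnpd/(\d+(?:\.\d+)*)", server_header, re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def probe(addr, timeout=3.0):
    """Send one M-SEARCH to addr:1900/udp; return the parsed reply or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(M_SEARCH % addr.encode(), (addr, 1900))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: nothing answered
            return None
    return parse_ssdp_response(data)

def assess(reply, target=(1, 6)):
    """Summarise a reply; target defaults to the 1.6 upgrade goal from the thread."""
    if reply is None:
        return "no SSDP reply on this interface"
    version = miniupnpd_version(reply["headers"].get("server", ""))
    if version is None:
        return "SSDP answered; stack not identified as MiniUPnPd"
    relation = "older than" if version < target else "at or above"
    return "SSDP answered; MiniUPnPd %s is %s %s" % (
        ".".join(map(str, version)), relation, ".".join(map(str, target)))

if __name__ == "__main__":
    print(assess(parse_ssdp_response(SAMPLE)))
```

A reply shows only that SSDP is reachable on that interface and which banner it reports; as RMerlin points out in the thread, fixes can be backported, so the version string alone does not settle whether a build is vulnerable.
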

#10 Bagman, 01-30-2013, 06:30 PM

I just installed Java and the Rapid7 scan test. It identifies my RT-N66U running the latest Merlin beta as a UPnP device, but says it's not exploitable. I get the same results as KevTech does in the link in the post above.

Maybe Asus has patched the vulnerability even though they've patched to the older UPnP 1 that is listed as vulnerable?
All times are GMT -4.