Asus Routers Vulnerable...

  • Last Updated:
  • Feb 21st, 2014 4:27 am
28 replies
Deal Expert
Feb 24, 2007
15169 posts
2743 upvotes
That's only for those running OEM firmware. dd-wrt and tomato do not have this exploit open.
Deal Fanatic
Nov 18, 2002
7041 posts
652 upvotes
BC Interior
eldiablo wrote: That's only for those running OEM firmware. dd-wrt and tomato do not have this exploit open.
Yeah but that represents, what, 5% of users if that?

Big hole Asus, not good....
Deal Expert
Feb 24, 2007
15169 posts
2743 upvotes
ichpen wrote: Yeah but that represents, what, 5% of users if that?

Big hole Asus, not good....
Cannot argue with you on that..
Sr. Member
Aug 22, 2011
659 posts
413 upvotes
PORT HOPE
http://arstechnica.com/security/2014/02 ... ited-flaw/

How easy is it to log into your router and access your data? Unbelievably easy.

There are websites which will search for (and find) FTP servers which allow anonymous logins. (http://www.shodanhq.com/ is one such place). Asus routers seem to have this enabled by default. These searches will expose your IP address, allowing anyone to log into any USB device you have plugged into your router. Once there, they can browse, download, upload etc. Anything on your USB device is exposed.

If you have an Asus router with a USB drive attached, I highly recommend you immediately unplug it until you figure out how to enable security on your router.
Deal Expert
Oct 13, 2002
19368 posts
1071 upvotes
Phew .... None of my Asus routers run stock FW .... Tomato FTW
Sr. Member
Aug 22, 2011
659 posts
413 upvotes
PORT HOPE
I started a thread about this, but I'll put this here too:

How easy is it to log into your router and access your data? Unbelievably easy.

There are websites which will search for (and find) FTP servers which allow anonymous logins. (http://www.shodanhq.com/ is one such place). Asus routers seem to have this enabled by default. These searches will expose your IP address, allowing anyone to log into any USB device you have plugged into your router. Once there, they can browse, download, upload etc. Anything on your USB device is exposed.

If you have an Asus router with a USB drive attached, I highly recommend you immediately unplug it until you figure out how to enable security on your router.
Deal Addict
Jul 4, 2006
4625 posts
1342 upvotes
but.. no care if I don't use the usb ports on my router, right?
Deal Addict
Aug 21, 2009
4760 posts
383 upvotes
So what is the best way to 'secure' these routers for your average consumer? Install the latest firmware?

I did this 2-3 days ago, should be good to go right? Anything else I need to do?
Sr. Member
Aug 22, 2011
659 posts
413 upvotes
PORT HOPE
Lovable wrote: So what is the best way to 'secure' these routers for your average consumer? Install the latest firmware?

I did this 2-3 days ago, should be good to go right? Anything else I need to do?
What router have you got? The firmware update only fixed the vulnerability in these routers:

ASUS RT-N66U (Ver.B1), RT-N66R and RT-N66W
Deal Addict
Aug 21, 2009
4760 posts
383 upvotes
The RT-66u, the firmware is upgraded to 3.0.0.4.374
Sr. Member
Aug 22, 2011
659 posts
413 upvotes
PORT HOPE
Here's a little more info on the vulnerability:

http://www.pcworld.com/article/2086280/ ... -open.html

Specifically:

The problem stems from how the routers are configured. Access to an external hard drive that’s been attached to a router’s USB port using FTP can be activated manually or by using a wizard, but both leave the router open by default.

The wizard lets users choose among three settings—the default “limitless access rights” and options for “limited access rights” and “admin rights”—with little information about what each option means. Also, the “limited access rights” alternative includes an option that sets up a user called “Family” and proposes the password “family,” instead of telling users to create their own passwords.
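
A way to check your own router for the two weak logins described above, as an added example that is not part of the original posts or of Asus's software. The function name `audit_ftp`, its `ftp_factory` parameter and the LAN address `192.168.1.1` are assumptions made for illustration:

```python
import ftplib
import sys

# Logins described in the thread: anonymous access left open by default, and
# the wizard-proposed "Family" account with password "family".
WEAK_LOGINS = [("anonymous", ""), ("Family", "family")]


def audit_ftp(host, port=21, timeout=5, ftp_factory=ftplib.FTP):
    """Check the FTP service on a router you own for the weak logins above.

    Returns {username: "accepted" | "rejected" | "unreachable" | "error"}.
    ftp_factory is a hypothetical hook so the logic can be tested offline.
    """
    results = {}
    for user, password in WEAK_LOGINS:
        ftp = ftp_factory()
        try:
            ftp.connect(host, port, timeout=timeout)
        except ftplib.all_errors:
            results[user] = "unreachable"   # FTP disabled or port closed
            continue
        try:
            ftp.login(user, password)
            results[user] = "accepted"      # this login must be disabled
        except ftplib.error_perm:
            results[user] = "rejected"      # server answered 5xx (e.g. 530)
        except ftplib.all_errors:
            results[user] = "error"
        finally:
            try:
                ftp.quit()
            except ftplib.all_errors:
                ftp.close()
    return results


if __name__ == "__main__":
    # 192.168.1.1 is an assumed LAN address; pass your router's address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    for user, status in audit_ftp(target).items():
        print(f"{user}: {status}")
```

After FTP is disabled on the router, both entries should report "unreachable"; "accepted" for either login means the share is still open.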
Deal Addict
Aug 21, 2009
4760 posts
383 upvotes
Okay so first, I have no external HDD attached to the router so I should be okay there, second looks like my latest firmware update should have patched this exploit.
Deal Fanatic
Sep 21, 2012
5065 posts
586 upvotes
Mississauga
I guess I should be glad my HDD doesn't work with my AC66U anyways. I had Aisuite and all that other stuff enabled too, but even with merlin it never worked properly. Unfortunately, this router still uses far less electricity than my pfsense machine and has a much more friendly GUI, so I can't switch.

Trying to port forward, manually assign IPs, cache web pages, disable WAN access on certain devices, and basically every other common easy to do task was a nightmare for me in pfsense.
Deal Guru
Oct 24, 2012
11641 posts
2620 upvotes
Montreal
Lovable wrote: Okay so first, I have no external HDD attached to the router so I should be okay there, second looks like my latest firmware update should have patched this exploit.
Did you read the article linked by OP?
Disable FTP and AICloud. That's it.

Or... flash DD-WRT because it's amazing.
Dinujan wrote: Trying to port forward, manually assign IPs, cache web pages, disable WAN access on certain devices, and basically every other common easy to do task was a nightmare for me in pfsense.
PFSense is a pointless headache for those who don't need extra features from what DD-WRT can offer. Heck, most people don't even know how to configure QoS.