ASUS WRT firmware vulnerability

D

devman

2[H]4U
Joined
Dec 3, 2005
Messages
2,400
Read about this this morning, thought it would be a good idea to post here.

There is a remote root exploit that effects ASUS WRT firmware used on RT-AC66U, RT-N66U, and other routers.

The attack allows a specially crafted UDP boadcast to execute commands as root on any affected ASUS routers on a LAN.


Technical details and a proof of concept have been posted in a github project @ https://github.com/jduck/asus-cmd


CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9583
 
Mackintire said:
If you are using any of those routers you should probably be using the merlin firmware anyway, since it is better supported than ASUS's factory firmware and features the identical gui.

http://asuswrt.lostrealm.ca/about
Click to expand...

They should be using Shibby's Tomato... but Merlin is better than stock, at least. I went AsusWRT -> Merlin -> DD-WRT -> Tomato on my AC66U and the only good one is Tomato.

Anyway, I had been wondering the other day if AsusWRT was still crap. I guess this answers that question.
 
Mackintire said:
The merlin version of the firmware was patched earlier today.

http://asuswrt.lostrealm.ca/changelog


If you are using any of those routers you should probably be using the merlin firmware anyway, since it is better supported than ASUS's factory firmware and features the identical gui.

http://asuswrt.lostrealm.ca/about
Click to expand...


Agreed!, I love Merlin Firmware on my RT-N16, I actually prefer it over Tomato or DD-WRT, maybe its only a perceived difference, but browsing the interwebz seems faster and sites seem more responsive.
 
Mackintire said:
The merlin version of the firmware was patched earlier today.

http://asuswrt.lostrealm.ca/changelog


If you are using any of those routers you should probably be using the merlin firmware anyway, since it is better supported than ASUS's factory firmware and features the identical gui.

http://asuswrt.lostrealm.ca/about
Click to expand...

iGamer said:
Agreed!, I love Merlin Firmware on my RT-N16, I actually prefer it over Tomato or DD-WRT, maybe its only a perceived difference, but browsing the interwebz seems faster and sites seem more responsive.
Click to expand...

Thanks guys. Been using stock firmware for a while now but Merlin looks good on my RT-N16. I used Tomato for a long time before going back to the much-improved stock firmware but never cared for it. Just wasn't stable.
 
Last edited:
You must log in or register to reply here.
Back
Top