Dear Asus Router Owner: You’ve Been Pwned

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
I'm going to go out on a limb here and say this can't be good. :eek:

The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of Jerry and so many other Asus router users. The June 22 report found the "ability to traverse to any external storage plugged in through the USB ports on the back of the router," but researcher Kyle Lovett said he went public only after privately contacting Asus representatives two weeks earlier and getting a response that the reported behavior "was not an issue."
Click to expand...
 
This is awesome I have one of the routers on the list, at least I am not using usb storage on it.
 
Lol ASUS support said "was not an issue" looks like they can join their crappy RMA department.
 
Mine is not affected by this because it died after 2.5 hours of use. lol
 
I'll be switching over my RT-N56U to the Asuswrt-Merlin firmware tonight. I originally had custom firmware on it but after a while, it started dropping wireless connections. The current stock firmware from ASUS sucks, so I'm hoping this new custom firmware will work well.
 
Ok, so I bought my parents an RT-N66U a while back. Its connected to the net via another router(non-Asus) on the network and has no attached storage. Its basically a wireless AP. On a scale of 1 to 10, 1 being "don't worry" about it and 10 being "shoulda done it months ago" how important is it that I run home and change the firmware?
 
SithSolo1 said:
Ok, so I bought my parents an RT-N66U a while back. Its connected to the net via another router(non-Asus) on the network and has no attached storage. Its basically a wireless AP. On a scale of 1 to 10, 1 being "don't worry" about it and 10 being "shoulda done it months ago" how important is it that I run home and change the firmware?
Click to expand...

the AP isn't facing the internet, so.......
 
Yet another ding for ASUS and for "consumer" routers in general.

Those of you still using "consumer" grade routers... when will you learn that it is not worth your time or money to put up with these pieces of trash?
 
I have two affected routers, but no attached storage and all extraneous settings are off. Thanks for the heads up for the updated firmwares though! :)
 
So I am guessing I am good since I have the AC68 and its not on that list.
 
ASUS is on this and its customer service has been sending emails to registered users to update their firmware. Also there have been posts in the ASUS support forums as well. ASUS is not ignoring this, so perhaps an update to the article at publication time would have been a good idea.
 
I have an ASUS router with a USB port and AICloud enabled although nothing is in the port at the moment.
 
Setting it up with password authentication on external devices will fix the issue.
 
http://www.smallnetbuilder.com/forums/showpost.php?p=105835&postcount=16

For those running Merlin waiting for his update:

Since at this point there is more FUD than actual facts as to the real vectors of attack (not two articles are talking about the same vulnerabilities, and some articles are referring to vulnerabilities that were actually fixed nearly a year ago), then just disable the FTP server and AiCloud for now, and you'll be fine.
 
CrimsonKnight13 said:
That sucks... Padavan can't be sketchy with stability (though I wouldn't be surprised if my router is flaking out on me).
Click to expand...

Sketchy? Can you clarify this? I've been using Padavan's fimware on my RT-N56U for a while now and it's always been stable, and this is with many many devices connected to it.
 
To be fair my router,a NETGEAR, only gives me the choice for nothing or the admin password on the USB port. Rather than expose my admin to another path of trial and error, I leave it open and only use it for temporary transfer of non-private content.
 
I actually found out about this on /g/ a couple days ago. Luckily I run DD-WRT on mine. Good that they made people aware of this and ASUS is taking steps to correct it. I'm surprised they weren't trolling and telling people to install gentoo.
 
My AC 66-U is secure and I really like this router as it serves me well. I pity the fool that attempts to get in, I'll invoke the name of Jesus on them.
 
cyclone3d said:
Yet another ding for ASUS and for "consumer" routers in general.

Those of you still using "consumer" grade routers... when will you learn that it is not worth your time or money to put up with these pieces of trash?
Click to expand...

Why the hell would I buy a commercial grade router for a 1300sq/ft 2/2?
 
pigwalk said:
Why the hell would I buy a commercial grade router for a 1300sq/ft 2/2?
Click to expand...

And besides this issue, my RT-66AC has been the best router I have ever owned. It has worked flawlessly this just looks like a horrible default configuration option.
 
Wow, talk about a huge hole considering this is a default setting with stock firmware.
 
That sucks... Padavan can't be sketchy with stability (though I wouldn't be surprised if my router is flaking out on me).
Click to expand...

I highly recommend this for the 56U and 65U routers. I personally contributed to the project and used the firmware for years. It is one of the best projects, in which, using it you will not lose your ability to utilize the hardware accelerated features. Such as what happens with DD-WRT, and many other variants using Broadcom logics.

You will have some features such as AICloud removed, but replaced with Transmission. Also, the most recent was just released. If I didn't get a R7000 recently, I would still be using my 56U with their firmware.

https://code.google.com/p/rt-n56u/
 
This is why I don't use consumer routers.

After switching to pfSense as my router/firewall and Ubiquiti Unifi Wireless Access Points (on a separate VLAN than internal wired traffic), there is no going back for me.
 
this is the best firmware ive found for my asus

Tomato Firmware 1.28.0000 MIPSR2-116 K26 USB AIO
Tomato
Version 1.28 by shibby

http://tomato.groov.pl/


just translate the page to english...inside the fw everything is in english
 
pigwalk said:
Why the hell would I buy a commercial grade router for a 1300sq/ft 2/2?
Click to expand...

the size/space doesn't matter if you care about reliability and security.

It would cost a little bit more, but I'd highly recommend one of these, with pfsense on it.

http://store.pfsense.org/vk-2d13/

It would be a little bit more money than a consumer router, and you'd need a separate wireless access point if you want wifi, but its reliability and security would be tough to beat.
 
Zarathustra[H];1040635589 said:
the size/space doesn't matter if you care about reliability and security.

It would cost a little bit more, but I'd highly recommend one of these, with pfsense on it.

http://store.pfsense.org/vk-2d13/

It would be a little bit more money than a consumer router, and you'd need a separate wireless access point if you want wifi, but its reliability and security would be tough to beat.
Click to expand...

Keep in mind, this is a router only.

Most consumer models include the router, wireless access point AND switch in one box. Doing something like this you'd need to get the wireless and switch separately.
 
I never understood how attaching storage to a wan facing device was a good idea regardless of manufacturer
 
You must log in or register to reply here.
Back
Top