Hello,
I found a security problem in version 380.65_2.
All defined users are able to log on to the "AiCloud Web access" site using an appropriate username and password and have access to all resources located on the HDD, irrespective of the rights assigned to particular folders.
I remember that in any previous version the admin user was able to log on to the "AiCloud Web access" site only. I verified it in the past.
Which Asuswrt-Merlin version implemented this change? Which versions of Asuswrt-Merlin are affected?
Is it possible to restore previous rules?
The current status prevents the use of "direct share links" (/AICLOUDxxxxxxxxx/) in combination with the FTP server.
Best Regards
J.