Menu
What's new
By:
Filters Better Search

Asus infosrv patch ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jim769

jim769

Very Senior Member
I see Asus has released firmware to fix the infosvr issue but what is the second security issue mentioned below? And does Merlin's firmware also have the latter patched?


Fixed infosvr security issue.
-Fixed Cross-site request forgery security issue
 
jim769 said:
I see Asus has released firmware to fix the infosvr issue but what is the second security issue mentioned below? And does Merlin's firmware also have the latter patched?


Fixed infosvr security issue.
-Fixed Cross-site request forgery security issue
Click to expand...

I have no idea what the second one is, so no, it's not patched. Since it's quite vague and does not refer to any specific CVE, it could be an undiscovered issue.
 
I wonder if that's the old man-in-the-middle vulnerability during an automatic code update?
 
http://www.zdnet.com/article/asus-routers-vulnerable-to-network-attack-exploit-published/
Security researcher Joshua Drake published an advisory warning that "all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable."

The bug allows an attacker on the same network to take full administrative control of the router without the need for a password. The only known fix is to disable the troublesome infosvr service by killing the process when the affected device boots. That has to be performed each time the device restarts.

A working exploit was also published alongside the advisory.

While it may not be a major issue for those on private networks at home, those in offices or on public Wi-Fi are most at risk.

We've reached out to Asus but did not hear back at the time of writing.
Click to expand...
 
You must log in or register to reply here.

Similar threads

M
Release ASUS ZenWIFI ET9 Firmware version 3.0.0.4.388_25136
Replies
2
Views
344
OzarkEdge
OzarkEdge
B
Synology DSM Version: 7.2.2-72803 (2024-08-26)
Replies
1
Views
2K
sfx2000
sfx2000
F
Release ASUS ZenWiFi XD4 Firmware version 3.0.0.4.388_25041 (2024/09/05)
Replies
4
Views
1K
aardbeix15
A
F
Release ASUS RT-AXE7800 Firmware version 3.0.0.4.388_25058 (2024/08/28)
Replies
0
Views
653
fruitcornbread
F
T
Release ASUS GT-AX6000 Firmware version 3.0.0.6.102_34791
2 3 4
Replies
72
Views
13K
Erwin
Erwin
Similar threads
Thread starter Title Forum Replies Date
N Asus Routers to Keep ASUS Wi-Fi 1
N Asus Routers Extension Proper Set-up Using Ethernet Cable ASUS Wi-Fi 9
G Asus RT-AC5300 met lan switch shows only wifi data active and count only wifi ASUS Wi-Fi 0
K Asus mesh advice ASUS Wi-Fi 3
Y Are all ASUS routers on the 3.0.0.6.102 codebase guaranteed to support VLAN Management & Guest Network Pro? ASUS Wi-Fi 10
Zakalwe Replacing an AX86U Pro - GT-AX11000/GT-AXE16000/Asus RT-BE86U? ASUS Wi-Fi 2
F RT-AX86U Pro / ASUS RT-BE86U question ASUS Wi-Fi 1
T So sorry if this has been asked before but is this how you revert back to asus stock firmware? ASUS Wi-Fi 11
N Asus Router Security Discussion ASUS Wi-Fi 8
R ASUS ZENWIFI PRO ET12's & WiFI 6E ASUS Wi-Fi 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 780 (members: 23, guests: 757)
Top