
ASUS RT-N66U Firmware version 3.0.0.4.374.5517

That is a bug in a security fix.

The fix is that the code of the configuration page no longer contains your Username and Password in clear text, see:
http://dnlongen.blogspot.nl/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html

The bug is that the strength checker and show password function are somewhat broken because they can no longer find your Username and Password in the page code.
The checker does work at the moment you type in a new password.

BTW, I did a quick check in the GPL source code of another major router manufacturer, and I found the same problem: they also are embedding the router password right into the HTML code...

One can only wonder at the people who write those router firmwares. Backdoors, cleartext passwords in HTML page (meaning a malicious website could potentially retrieve that info if you have a valid session open on your router in another tab). UPnP answering to WAN side requests...
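A way to confirm on your own router that a saved configuration page no longer carries your password, as an added example that is not part of the original posts or of any firmware. The sample pages, field names and password are constructed; the check also looks for the HTML-escaped form, which a plain search for the raw password would miss.

```shell
#!/bin/sh
# Added example: look for a known credential in saved admin-page sources.
# The two sample pages are constructed for this demo, not taken from any firmware.

html_escape() {   # form the value takes inside an HTML attribute
    printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
                             -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# find_credential SECRET FILE...
# Prints "file:line" per hit (never the secret). Returns 0 if clean, 1 if found.
find_credential() {
    secret=$1; shift
    [ -n "$secret" ] || { echo "empty secret" >&2; return 2; }
    # Patterns reach grep on stdin (-f -) so the password is not in its argv.
    # -F: fixed strings, so regex characters in the password stay literal.
    hits=$( { printf '%s\n' "$secret"; html_escape "$secret"; } |
            grep -nF -f - -- "$@" /dev/null | cut -d: -f1,2 )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

make_samples() {   # $1 = directory to write the constructed pages into
    cat > "$1/before.html" <<'EOF'
<form>
<input type="text" name="user" value="admin">
<input type="password" name="pass" value="pa&amp;ss&quot;w0rd">
</form>
EOF
    cat > "$1/after.html" <<'EOF'
<form>
<input type="text" name="user" value="">
<input type="password" name="pass" value="" autocomplete="off">
</form>
EOF
}

d=$(mktemp -d) && make_samples "$d"
find_credential 'pa&ss"w0rd' "$d"/*.html || echo "credential found in page source"
rm -rf "$d"
```
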
 
I checked DD-WRT (14929), there the user name and password are not part of the page source.
They seem to use some javascript for username and password entry and only show dots for each character you type.
I don't see a reason to show username and password in the configuration page anyway, assuming you *just* logged in to make some configuration changes and proved you have remembered your credentials.
The password strength checker looks fancy, but who will really listen to that free advice?
 
I revert back to factory specs after every firmware upload just to make sure no bugs from last one are still in the NVRAM. That's just my opinion.


 
I'm using Google Chrome and it does not log me out and shows my password when I check the show password box.


 
Chrome properly logs me out after 30 mins if I don't use that tab during that time.
 
I log in then completely close the window. Wait over 30 minutes and go back to 192.168.1.1 and it logs me back in without a password. So what could my issue be?


 
The auto logout is intended as follows:
Browse to the router (default 192.168.1.1), login with your credentials.
Leave any configuration page open in the browser window, don't "touch" it or open another browser tab.
Now the router should log itself out after the timer has expired and present you with a "You are not logged in" page and login dialog.

If you close the configuration page, the logout timer is no longer active.

Your problem seems to be that the router cookie is saved in the browser cache.
 
Well that's not secure then. If you close the window the router should log you out. I've never in my life logged out of a router. I always just close the web browser window. Oh well, no biggie. Thanks for your input.


 
To clarify the confusion as to how login/logging out works.

If you close the browser completely without logging out, the session will time out after 60 seconds. Opening a new browser will request the username/password.

If you leave the browser open, close the tab without logging out then go back, you will still be automatically logged in - that's because your browser is caching the HTTP basic auth login credentials and automatically sending them back. This is simply the way HTTP authentication works, not an issue specific to Asuswrt. You have to use the Logout button.

If you leave the browser open and leave the tab open in background, that tab will automatically log itself out after 30 minutes.
 
Figured I would test this version and have noticed the following filling up the log.

Any idea why?

Others may not see this as I set log level to 7 to match Merlin's logging.

This is just a small example:

Apr 17 13:06:34 rc_service: dhcp6c-state 1191:notify_rc start_radvd
Apr 17 13:06:34 radvd[1178]: Exiting, sigterm or sigint received.
Apr 17 13:06:34 radvd[1178]: sending stop adverts
Apr 17 13:06:34 radvd[1178]: removing /var/run/radvd.pid
Apr 17 13:06:34 rc_service: dhcp6c-state 1191:notify_rc start_httpd
Apr 17 13:06:34 rc_service: waitting "start_radvd" via dhcp6c-state ...
Apr 17 13:06:34 radvd[1196]: version 1.10.0 started
Apr 17 13:06:35 rc_service: dhcp6c-state 1201:notify_rc start_radvd
Apr 17 13:06:35 rc_service: waitting "start_httpd" via ...
Apr 17 13:06:35 RT-N66U: start httpd
Apr 17 13:06:36 rc_service: dhcp6c-state 1201:notify_rc start_httpd
Apr 17 13:06:36 rc_service: waitting "start_radvd" via dhcp6c-state ...
Apr 17 13:06:36 radvd[1199]: Exiting, sigterm or sigint received.
Apr 17 13:06:36 radvd[1199]: sending stop adverts
Apr 17 13:06:36 radvd[1199]: removing /var/run/radvd.pid
Apr 17 13:06:36 radvd[1206]: version 1.10.0 started
Apr 17 13:06:37 RT-N66U: start httpd
 
Has anyone tested the performance of wireless range of the N66U in the 2.4 GHz range (40 MHz) vis-a-vis:

1) last official Asus build (which was really bad), and
2) 374.40 Merlin build (which was excellent)
 
How come I can't see all the connected devices on my RT-AC66U router after connecting to the new firmware version? Also, when I try to open up the Source button on my Samsung Smart TV, the icon for the router has a question mark on it, compared to before, where it had a router icon. What gives?
 
I've found a very annoying bug:

When using Dual-WAN = "On", "WAN" as primary and "Ethernet LAN" as secondary (Fallback), then you cannot switch between settings on the Internetconnection-Tab.
There is a JavaScript function change_wan_unit, which does not allow to switch between the upper two units. The problem is here:

Code:
function change_wan_unit(obj){
    if(!dualWAN_support) return;

    if(obj.options[obj.selectedIndex].text == "DSL"){
        if(dsltmp_transmode == "atm")
            document.form.current_page.value = "Advanced_DSL_Content.asp";
        else //ptm
            document.form.current_page.value = "Advanced_VDSL_Content.asp";
    }else if(document.form.dsltmp_transmode){
        document.form.dsltmp_transmode.style.display = "none";
    }

    if(obj.options[obj.selectedIndex].text == "USB"){
        document.form.current_page.value = "Advanced_Modem_Content.asp";
    }
    // Highlighted in red in the original post: this branch returns
    // before the form below is submitted.
    else if(obj.options[obj.selectedIndex].text == "WAN" || obj.options[obj.selectedIndex].text == "Ethernet LAN"){
        return false;
    }

    FormActions("apply.cgi", "change_wan_unit", "", "");
    document.form.target = "";
    document.form.submit();
}
 
Source code for the RT-N66R is out today for this firmware version, and for the RT-N16 too.

It's interesting that OpenVPN is included now for the RT-N16. Has anyone else updated their RT-N16 to .5517? When I select OpenVPN, a few sorts of screwy things start happening with the WebUI and some parts of the N16 become non-functional. Just checking to see if anyone else is experiencing this or just me.

One time after enabling OpenVPN the router performed a factory reset. Since I thought that was odd and I didn't know the cause, I did a manual factory reset and re-setup all my settings. Again when I enabled OpenVPN I experienced some odd UI behavior and some overall funniness within my network. I had some difficulty disabling it at this point so I just did another manual factory reset and all has been fine since.

I thought there was a memory issue preventing OpenVPN from working on the N16. Was this option enabled by accident or am I doing something wrong?
 
Smaller nvram means it's very easy to accidentally fill it up by using large OpenVPN keys/certs, which will lead to a router requiring a complete factory default reset. Asus's stock firmware is less prone to that issue than my FW since they only support one server and one client, while I support two of each.

I would connect with telnet and check how much nvram you have free before configuring OpenVPN:

Code:
nvram show

Then keep that value in mind when entering keys/certs. A CA, server key and server cert can easily eat 6 KB on their own.
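The check described above as a script, added here as an example and not taken from the post or from any firmware: it reads the "size: ... bytes (... left)" line that `nvram show` prints and compares the free space with the size of the key and cert files you plan to paste in. The function names, the 1024-byte reserve and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: will these OpenVPN key/cert files fit in the free nvram?
# Sizes are estimates: each value is stored as text next to its variable name,
# so keep a reserve instead of filling nvram to the last byte.

# nvram_free: read `nvram show` output on stdin, print the bytes left.
nvram_free() {
    sed -n 's/^size: [0-9][0-9]* bytes (\([0-9][0-9]*\) left).*/\1/p' | tail -n 1
}

# files_bytes FILE...: print the total size in bytes of the given files.
files_bytes() {
    total=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
        total=$((total + $(wc -c < "$f")))
    done
    echo "$total"
}

# fits_in_nvram FREE RESERVE FILE...
# Returns 0 if the files fit and RESERVE bytes stay free, 1 if not.
fits_in_nvram() {
    free=$1; reserve=$2; shift 2
    need=$(files_bytes "$@") || return 2
    echo "need=$need free=$free reserve=$reserve"
    [ $((need + reserve)) -le "$free" ]
}

make_sample_keys() {   # constructed stand-ins for a CA, server cert and key
    for spec in ca.crt:2000 server.crt:2300 server.key:1700; do
        dd if=/dev/zero of="$1/${spec%%:*}" bs="${spec##*:}" count=1 2>/dev/null
    done
}

# On the router: free=$(nvram show 2>&1 | nvram_free)
free=$(printf 'size: 28187 bytes (4581 left)\n' | nvram_free)   # sample line
d=$(mktemp -d) && make_sample_keys "$d"
fits_in_nvram "$free" 1024 "$d"/* || echo "not enough free nvram for these files"
rm -rf "$d"
```
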
 
I didn't even get to the point of configuring the OpenVPN stuff on there. I just enabled it and a bunch of funky stuff happened.

Code:
size: 28187 bytes (4581 left)

This is what I have after configuring the stock firmware to my needs. Any ideas on what I might be able to cut out in order to free up some extra nvram? I have a few PCs set up for DHCP reservation, the PPTP server enabled (which I assume that space would be freed when switching to OpenVPN), the DLNA server enabled, AiCloud enabled, packet logging enabled, and custom DNS servers set. Everything else is pretty much set to the defaults. I'd say all of those are pretty much things I need to have enabled.

In the end, it's no biggie if this doesn't work out for me. I'm happy enough with my PPTP server. The OpenVPN thing is something I've wanted to play with for a while but can easily go without.
 
If need be the K3.X dd-wrt builds now allot 256k nvram if you wanted to try it.
 
You can't really "cut out" anything. nvram is simply where all settings are stored. Of course, the more features you enable and configure, the less free nvram you will have.

Switching services off won't free any nvram space, since all configuration still remains saved.
 
Ah, gotcha. I thought disabling services would save on nvram space. But really what it sounds like is "de-configuring" things is what may do it.

I guess I'll have to stick with PPTP then. Thanks again for your guidance.

Also, Pierino...thanks for the suggestion. I may give DD-WRT another shot at some point but I'm fairly satisfied with the ASUS WRT firmwares for now.
 
