What's new

ASUS urges customers to patch critical router vulnerabilities

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Is anyone running this latest firmware (stock Asus) on AX58U ? I am a few revisions behind (firmware dated January 2023 I believe) because the revision after that broke my 2.4 band. All my smart devices, cameras etc.. which only use 2.4 kept disconnecting and the router needed rebooting 1-2 times per day. I was fine running the older firmware to keep things stable but now with this vulnerability it seems I am running a risk by doing that. Curious if anyone else experienced this and if they still are with this latest firmware? Thank you!
 
Ok, I was originally looking for answers about the patched CVE's but after reading all 3 pages of this thread, I'm even more confused that before I started reading it.

I have checked the details log for my router and some of them are included in the official ASUSWRT firmware like CVE-2023-28702 and CVE-2023-28702 but when I checked the Merlin's Changelog, I couldn't find them.

l also noticed that the latest official ASUSWRT firmware is a few months old but Merlin's one was released a month after but still doesn't have the above listed CVE's that are included in its official firmware from ASUS. I noticed that some features may vary between ASUS's official firmware and the Merlin's one but the said vulnerable components for example like Netatalk are still used by both but there are no fixes for it on the Merlin's firmware going by the changelog ?

Am I missing something here ?
 
I don't document security fixes unless I'm the one fixing them, as I have no way of keeping track of which issues are fixed in a specific GPL drop from Asus. You will have to look at the GPL version used in a specific firmware release, then look at Asus' own changelogs.
 
I don't document security fixes unless I'm the one fixing them, as I have no way of keeping track of which issues are fixed in a specific GPL drop from Asus. You will have to look at the GPL version used in a specific firmware release, then look at Asus' own changelogs.
As I'm new to how you operate changelogs here, any guidance on it would be great.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top