bgvaughan
Occasional Visitor
I've just been reading about the bug in OpenSSL, CVE-2014-0160, present in OpenSSL versions 1.01 - 1.01f. If I understand correctly, OpenSSL is used in OpenVPN, and I would guess it would be used in generating certificates for HTTPS access to the router administration page. I don't know what version is used in the current or past versions of Asuswrt-Merlin. Is it vulnerable? If so, can this be patched?
Some articles on the 'Heartbleed' vulnerability:
Some articles on the 'Heartbleed' vulnerability: