Is this a concern for those of us using Merlin firmware? (CVE-2024-3080)

[Ripshod]

More likely to reiterate that that CVE is fixed, after all the knee-jerk reactions after certain articles were posted.

 

[JIPG]

After many posts, it seems that the OP question is not answered yet. There are new fw from ASUS for the affected routers (end od March), but the last GPL merged by RMerlin n the 388 line is from January, so it is very unlikely that It includes the patches.

I do not know if other changes in some components are related to that, but it seems also very unlikely due to the type of vulnerability.

So, if nobody has arguments against, we should consider that we are exposed and It is recommended to follow the ASUS advice in case you cannot update the firmware (typically avoiding the exposure to external access).

 

[jerry6]

After many posts, it seems that the OP question is not answered yet. There are new fw from ASUS for the affected routers (end od March), but the last GPL merged by RMerlin n the 388 line is from January, so it is very unlikely that It includes the patches.

I do not know if other changes in some components are related to that, but it seems also very unlikely due to the type of vulnerability.

So, if nobody has arguments against, we should consider that we are exposed and It is recommended to follow the ASUS advice in case you cannot update the firmware (typically avoiding the exposure to external access).

it has been answered 10 times you just refuse to read it and accept it

 

[RMerlin]

So, if nobody has arguments against, we should consider that we are exposed and It is recommended to follow the ASUS advice in case you cannot update the firmware (typically avoiding the exposure to external access).

I am not discussing details of a security issue when the information are still confidential and not published in the public CVE.

All I can state is that 3006.102.1, 3004.388.8 and 386.14 are NOT affected by this.

 

[laracroftonline]

people really need to stop worrying if they are on merlin firmware. he usually uses the latest of everything he can update. he also pushes out alphas or betas as soon as there is a vulnerability that he can patch.

 

[bennor]

After many posts, it seems that the OP question is not answered yet.

It has been answered or addressed a number of times in various discussions posted about the CVE's referenced in the article. For example:
(edit: erroneously linked quote from last year dealing with two other CVE's)
In addition to RMerlin's response above.

 

[JIPG]

I am not discussing details of a security issue when the information are still confidential and not published in the public CVE.

All I can state is that 3006.102.1, 3004.388.8 and 386.14 are NOT affected by this.

Fair answer. Closing the discussion.

 

[JIPG]

It has been answered or addressed a number of times in various discussions posted about the CVE's referenced in the article. For example:
https://www.snbforums.com/threads/a...cal-router-vulnerabilities.85553/#post-849841

In addition to RMerlin's response above.

Sorry, you are pointing to a one year ago post, so no related.

 

[jerry6]

Sorry, you are pointing to a one year ago post, so no related.

no you just refuse to accept it is over and done , accept it and be done with it

 

[JIPG]

no you just refuse to accept it is over and done , accept it and be done with it

Please, see my answer to RMerlin two post above ...

Is this a concern for those of us using Merlin firmware? (CVE-2024-3080)

More likely to reiterate that that CVE is fixed, after all the knee-jerk reactions after certain articles were posted.

www.snbforums.com