What's new

Late version with Cmd tool

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Shayne

Occasional Visitor
Hi

I am currently on Firmware:3.0.0.4.374.38_2

From the change logs was 374.40 (6-March-2014) the last version with tools - run cmd?

I am not national defense and security can be obtained elsewhere. Like this option and wondering where the merger began, I think 374.41 (18-Apr-2014), but confirmation would appreciate.

Understand reason and do appreciate all the wizard does.

Regards
 
Hi

I am currently on Firmware:3.0.0.4.374.38_2

From the change logs was 374.40 (6-March-2014) the last version with tools - run cmd?

I am not national defense and security can be obtained elsewhere. Like this option and wondering where the merger began, I think 374.41 (18-Apr-2014), but confirmation would appreciate.

Understand reason and do appreciate all the wizard does.

Regards


It was removed for security reasons as It can be exploited via other webpages using such methods as XXS etc.

There's no reason you can't use SSH, its much more secure and easier to use, not to mention when setup correctly with SSH Keys you can login with one click using xShell/Putty (faster then logging into the router GUI then navigating to the correct page)
 
That is what I did was read the change log? Was just looking for confirmation.

I can pageant SSH Authentication key in no problems. Without knowing a multi character highly secure password and with ssh and telenet disabled what can they do? I think you are wrong about faster to run one command but that is a matter of opinion.

Regards
 
That is what I did was read the change log? Was just looking for confirmation.

I can pageant SSH Authentication key in no problems. Without knowing a multi character highly secure password and with ssh and telenet disabled what can they do? I think you are wrong about faster to run one command but that is a matter of opinion.

The Run Cmd page opens up the door to crosssite attacks. If you had a tab open on the router's web ui (any page at all), a malicious site open on another tab could then run ANY command on the router through a crafted URL.
 
The Run Cmd page opens up the door to crosssite attacks. If you had a tab open on the router's web ui (any page at all), a malicious site open on another tab could then run ANY command on the router through a crafted URL.

Thank you, I do not use tabs I use multiply windows. I have tabs on a task bar I do not need dual tabs. We guess you would not implement it again with a disable/enable toggle and keep something different than Asus stock firmware?

Regards
 
Thank you, I do not use tabs I use multiply windows. I have tabs on a task bar I do not need dual tabs. We guess you would not implement it again with a disable/enable toggle and keep something different than Asus stock firmware?

No, because this would basically be a "please-p0wn-me" switch. And the same potential security issues could arise where a separate tab might be able to inject an enable switch inside an open webui page to re-enable it, opening the door wide open for running arbitrary commands.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top