Multiple vulnerabilities discovered in ASUSWRT

[bem7]

Hello,

Not sure if this has been patched yet but it was published March 8th, 2017.

''ASUSWRT is a wireless router operating system that powers many routers produced by ASUS. Multiple exploitable vulnerabilities could be identified in the current version of ASUSWRT.''

More info here https://bierbaumer.net/security/asuswrt/

 

[RMerlin]

From what I can see, two out of three have already been patched by Asus.

 

[dieter]

Patched in Versions 380.4164 and 380.7266?
Do these vulnerabilities also exist in the RMerlin firware?

 

[RMerlin]

Patched in Versions 380.4164 and 380.7266?
Do these vulnerabilities also exist in the RMerlin firware?

380.65 has the first fixed, but not the two others. I expect to push an update with all three fixes in the coming days.

Which brings me to repeat, one more time: Do NOT expose the httpd to the WAN... None of those issues can be exploited remotely, unless you start exposing your router to the WAN.

 

[dieter]

How does on prevent exposing HTTPD to the WAN? Sorry... Is there a router option?

 

[RMerlin]

How does on prevent exposing HTTPD to the WAN? Sorry... Is there a router option?

Basically, just don't enable it.

 

[pdoyle]

When I disable WAN; my RT-AC68W loses the internet entirely. How can I disable WAN and still connect to the internet?

 

[bluepoint]

When I disable WAN; my RT-AC68W loses the internet entirely. How can I disable WAN and still connect to the internet?

What you want to disable is, "Web access from WAN" in the administrator-system section and while you are there disable SSH from WAN too.

 

[pete y testing]

When I disable WAN; my RT-AC68W loses the internet entirely. How can I disable WAN and still connect to the internet?

he is referring to remote access or any type of access from outside your own local area network

if you dont need remote access turn it off and the above issues are not relevant , however its always best to run the very latest fw available

 

[RMerlin]

Right. The only thing someone should be exposing on the router IF they need it is the OpenVPN server. I wouldn't trust the FTP server either due to how old it is. As for AiCloud, nobody ever did any code audit on it, so it's hard to tell how secure it is.

 

[pdoyle]

Thank you so much! I disabled the 'Web Access From Wan"; and maintained my internet connection. SSH had not been enabled. Have the most recent asus firmware.

 

[pdoyle]

Do you have a recommendation on use of the AiProtection feature? I have not enabled it, as I don't understand its purpose. Thanks.

 

[KevTech]

Do you have a recommendation on use of the AiProtection feature? I have not enabled it, as I don't understand its purpose. Thanks.

https://www.asus.com/support/faq/1012070/

 

[pete y testing]

Do you have a recommendation on use of the AiProtection feature? I have not enabled it, as I don't understand its purpose. Thanks.

sure , it seems to work well as long as your happy to have trend micro control access etc , the aiprotect doesnt seem to have any negative impact on bandwidth on most normal speed internet connections under 200Mbps

the link above explains it well if not a little confusing , when using asus routers i always have aiprotection enabled ( after finishing router testing ) , its an extra level of security so why not use it