possible security holes with RT-N66U

[scottegos2]

I'm confused: I see that Asus has a .372 firmware dated 7/12 that purports to have "Fixed AiCloud vulnerability related bugs." Is this source later than the merlin 372 build? Have they actually fixed anything?

 

[Pericynthion]

Source is later - in fact although the firmware TRX was released on 7/12, the source code itself was only made available today (7/16).

RMerlin mentioned in another thread integration is likely to take place next week (onwards), but they appear to have made some changes to AIcloud specifically. I'll defer to our security testers on this thread to confirm if it actually made any difference

 

[RMerlin]

I'm confused: I see that Asus has a .372 firmware dated 7/12 that purports to have "Fixed AiCloud vulnerability related bugs." Is this source later than the merlin 372 build? Have they actually fixed anything?

The 372 basecode was worked on by Asus for over two months. They sent it to me near the very begininng of its development (I needed it for the RT-AC56U), so the code currently in my own 372 releases is way behind. Think of my code as being really build 371 if you will.

 

[Qanan]

Source is later - in fact although the firmware TRX was released on 7/12, the source code itself was only made available today (7/16).

RMerlin mentioned in another thread integration is likely to take place next week (onwards), but they appear to have made some changes to AIcloud specifically. I'll defer to our security testers on this thread to confirm if it actually made any difference

Initial tests of the firmware pulled today for the N66U show the basic holes have been filled. More in depth testing will take a bit, but since I'm not able to access $root, I think it's safe to say that it definitely made a positive difference.

Ill drop a note here if we find otherwise.

 

[craleon]

Quick domain check

To those with experience, is there a subdomain like this you noted?

where… http://FQDN/
FQDN's SHA1: f8c1861640aa105209adf94009aaddbc695f8773

> echo FQDN | openssl dgst -sha1 -hex # (stdin)= f8c1861640aa105209adf94009aaddbc695f8773

* the letters "FQDN" merely stand for something else, in case others wonder about it.

If this requires more than a quick check (i.e. because I'm assuming a small list), please ignore my inquiry about this 08 name.

Months back I'd switched firmwares in a knee-jerk reaction upon logging that domain, so I haven't looked deeper into it (to perhaps discover that it wasn't anything at all).

In any case, looking forward to each update on the thread!

Thanks, all.