Menu
What's new
By:
Filters Better Search

Unexplained 'hacks' into Asus routers

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Is the user "honza" legit?
 
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
 
Simple, the exploit retrieved that information from the router.
 
hggomes said:
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
Click to expand...
Is this really fix?
Should I completely wipe my nvram and storage before install?

Odesláno z mého SM-G935F pomocí Tapatalk
 
I'm not 100% sure if that will fix this specific vulnerability, but you can give it a try and check the results, but you would probably need to enabled once again WebUI Remote Access.
 
blbeczech82 said:
And my login and password was stolen as readable or just used hashed?

Odesláno z mého SM-G935F pomocí Tapatalk
Click to expand...

You should change the password no matter what.
 
ColinTaylor said:
So they're not hashed, they're plain text!
Click to expand...

Wonderful...

about 20 years back - I hid the user password in an APP.ini file for a Windows app I was working on - at the time, base64 seemed reasonable - and I caught holy hell for that one ;)

Oh well - sins of the fathers...
 
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..

Screenshot 2017-01-05 at 8.58.20 PM.png


If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...
 
Last edited:
hggomes said:
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
Click to expand...

Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
 
RMerlin said:
Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
Click to expand...
I hope the Asus guys will take this one serious. Could potentially be a 'Linksys sized' issue.
 
sfx2000 said:
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..

View attachment 8178

If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...
Click to expand...

Could you try to "smash" Merlin's new .64_1 in the same way?

Odesláno z mého SM-G935F pomocí Tapatalk
 
blbeczech82 said:
Is this really fix?
Should I completely wipe my nvram and storage before install?

Odesláno z mého SM-G935F pomocí Tapatalk
Click to expand...
try latest AsusWRT 4180, open webui to wan and watch log.
After install this fw do factory default and configure You router.
 
You must log in or register to reply here.

Similar threads

Wutikorn
Was my router's username and password hacked?
11 12 13
Replies
258
Views
52K
martinr
M
Similar threads
Thread starter Title Forum Replies Date
M Release ASUS ZenWIFI ET9 Firmware version 3.0.0.4.388_25136 ASUSWRT - Official 2
DMcD-EMS-USMC Release ASUS RT-BE96U Firmware version 3.0.0.6.102_37024 (10/23/2024) ASUSWRT - Official 1
F Release ASUS ZenWiFi XC5 Firmware version 3.0.0.4.388_23443 (2024/10/16) ASUSWRT - Official 0
F Release ASUS ZenWiFi XD6 / XD6S Firmware version 3.0.0.4.388_23813 (2024/10/21) ASUSWRT - Official 1
K Release ASUS RT-BE86U Firmware version 3.0.0.6.102_37022 ASUSWRT - Official 5
F Release ASUS RT-AX5400 Firmware version 3.0.0.4.388_25119 (2024/10/16) ASUSWRT - Official 13
F Release ASUS TUF-AX6000 Firmware version 3.0.0.4.388_33419 (2024/10/15) ASUSWRT - Official 5
visortgw Release ASUS RT-AX82U Firmware version 3.0.0.4.388_25004 (2024/10/09) ASUSWRT - Official 0
F Release ASUS RT-BE88U Firmware version 3.0.0.6.102_33928 (2024/10/09) ASUSWRT - Official 9
F Release ASUS TUF-AX4200 Firmware version 3.0.0.4.388_33489 (2024/10/09) ASUSWRT - Official 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 662 (members: 36, guests: 626)
Top