Unexplained 'hacks' into Asus routers

Is the user "honza" legit?
 
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
 
Simple, the exploit retrieved that information from the router.
 
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
Is this really a fix?
Should I completely wipe my nvram and storage before install?

Sent from my SM-G935F using Tapatalk
 
I'm not 100% sure if that will fix this specific vulnerability, but you can give it a try and check the results, but you would probably need to enable WebUI Remote Access once again.
 
And were my login and password stolen in readable form, or just used hashed?

Sent from my SM-G935F using Tapatalk

You should change the password no matter what.
 
So they're not hashed, they're plain text!

Wonderful...

about 20 years back - I hid the user password in an APP.ini file for a Windows app I was working on - at the time, base64 seemed reasonable - and I caught holy hell for that one ;)

Oh well - sins of the fathers...
 
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..



If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...
 
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.

Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
 
Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
I hope the Asus guys will take this one seriously. Could potentially be a 'Linksys sized' issue.
 
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..


If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...

Could you try to "smash" Merlin's new .64_1 in the same way?

Sent from my SM-G935F using Tapatalk
 
Is this really a fix?
Should I completely wipe my nvram and storage before install?

Sent from my SM-G935F using Tapatalk
Try the latest AsusWRT 4180, open the WebUI to WAN and watch the log.
After installing this fw, do a factory default and configure your router.
 