
Vulnerability scan


NogNeetMachinaal

Occasional Visitor
See also attached screenshot:
This is the result of a vulnerability scan of an Asus rt-ac68u with the latest Merlin firmware.
This is done without any interactive logins => only portscanning.

This router is not reachable via the internet

While it looks worse than it really is due to the different host names and TCP ports, all issues have fixes available.

However, that is just my view => anyone with a different perspective?

In addition, is there a way to remove the different host names (already disabled)?
I already set "Redirect webui access to router.asus.com" to no => this is just noise.
 

Attachments

  • Vulnerabilities.png
Have you verified that these are actually real vulnerabilities? Generic vulnerability scanners usually report many false positives. For example, it appears to be reporting an issue with PHP, but the router doesn't use PHP afaik.
 
Most of these are indeed bogus. There's no PHP on the router, and the router isn't a Polycom VoIP phone either.
 
Thank you for the feedback.

Indeed - the first step is validating if it is a real vulnerability.
And yes - I'm aware of the fact that the router is not running php and isn't a phone.

Thinking out loud now:
If I do some research on the presented "vulnerabilities" then it seems to be related to a way of bringing the webserver down by launching certain get commands. This is characterized as "HTTP negative Content-Length buffer overflow".

At the same time, the scanner also detected an error condition where the webserver didn't respond. With this in mind, I would say this part of the result is a valid one.

The part that I'm not so sure of is where it says that an attacker may use this to disable the service or even execute arbitrary code on the system. This is because I don't have visibility on what is supposed to happen if the webserver is not responding. What is your view here?
 
If I do some research on the presented "vulnerabilities" then it seems to be related to a way of bringing the webserver down by launching certain get commands. This is characterized as "HTTP negative Content-Length buffer overflow".

We'd need a test case to be able to reproduce and validate the result, outside of the scanner itself.
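
The finding name quoted in this thread, "HTTP negative Content-Length buffer overflow", refers to a general bug class. The following is an added illustration, not code from the thread, the scanner, or the router firmware; the function names and the MAX_BODY cap are assumptions. It shows how a signed Content-Length value turns into a huge size when used as a length, and what a strict parser rejects:

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY 65536L  /* assumed cap on request body size for this sketch */

/* Naive pattern: atoi() accepts a sign, and the signed result is later
 * used as a size. "-1" becomes the largest size_t value after conversion. */
size_t naive_body_size(const char *value)
{
    int len = atoi(value);
    return (size_t)len;
}

/* Strict pattern: digits only, overflow-checked, capped.
 * Returns the length, or -1 if the header value must be rejected. */
long strict_body_size(const char *value)
{
    char *end;
    long len;

    while (*value == ' ' || *value == '\t')   /* optional leading whitespace */
        value++;
    if (!isdigit((unsigned char)*value))      /* rejects "-1", "+5", "" */
        return -1;
    errno = 0;
    len = strtol(value, &end, 10);
    if (errno == ERANGE)                      /* value does not fit in long */
        return -1;
    while (*end == ' ' || *end == '\t')       /* optional trailing whitespace */
        end++;
    if (*end != '\0')                         /* rejects "12abc", "1, 2" */
        return -1;
    return (len > MAX_BODY) ? -1 : len;       /* enforce the body size cap */
}

int main(void)
{
    const char *samples[] = { "42", "-1", "0", "12abc" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s naive=%zu strict=%ld\n", samples[i],
               naive_body_size(samples[i]), strict_body_size(samples[i]));
    return 0;
}
```

Whether a given server only crashes or can be pushed further depends on how it uses the resulting size, which is why such a finding needs to be validated against the actual code or a reproducible test case.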
 
