What is CWE-592 and CWE-79?

[jgb-asus]

I have an ASUS-66U with Firmware 3.0.0.4.374.33. I ran AVAST scan this morning and it reported that the router has 2 hack vulnerabilities referenced by CWE-592 and CWE-79.
In both cases the recommended action is a firmware upgrade to ver 380.59.
However it also says the update may not succeed, and I will need the original CD to reload it.
But that CD is long gone.

So this is my conundrum......
1 - What is CWE-592 and 79?
2 - Are they serious or can I just go on as is?
3 - If I have to upgrade F/W what do I do if it craps out on me? (no CD)

Other info, PC running Win 7 Home.

jgb

 

[RMerlin]

1 - What is CWE-592 and 79?

Google both codes, you will find a lot of info on what these two vulnerabilities are in details. They are both tied to the web interface, for which a lot of security issues have been fixed in the 2+ years since 374.33 was released.

More serious is the fact that such an old firmware has vulnerable OpenSSL (meaning OpenVPN can be compromised) and the infosvr hole (anyone on your LAN can easily execute ANY command on your router).

You didn't specify your exact router model (there's no such thing as an ASUS-66U, it's either an RT-N66U or an RT-AC66U, assuming the numbers are correct), but in either case, you should be able to flash the latest version, do a factory default reset, and manually reconfigure your router from scratch.

There's no need for the CD. The firmware recovery tool can be downloaded from Asus's website.

 

[jgb-asus]

Thanks for the reply.
Mine is an RT-N66U.
Based on what i read, I don't have much of a vulnerability as I don't open unknown sites either in banners or junk mail.
Not sure if AVAST would spot the malware, but I will update the F/W anyway.

jgb