some ASUS routers easily "pwned"
#1
http://arstechnica.com/security/2014/02/...ited-flaw/

You can't even say they were hacked. Just ftp the IP and you could see any attached USB disk! (If using that feature.)

It's been patched by ASUS but has to be manually downloaded currently. This is the support page for the one I just picked up for my sister: http://www.asus.com/Networking/RTN66U/#support

Something to think about when depending on a consumer router for file sharing.
#2
Looks like if you don't have any drives plugged into the USB port of the router, you're OK.
#3
What's very interesting about the unit that I tested is that after the patch and with all services disabled, the damned thing still responds on port 80 on the WAN, even though login on that port fails and no web page loads. This is with the firewall up and the router set not to respond to external requests. It's like painting a target on your back.

And FTP seems to be enabled on the LAN side when a drive is connected no matter what the FTP settings are on the router. It's not accepting attempts to connect with any of the user/admin accounts that we set up, but with the service on even when it's supposed to be off I wonder whether there's a backdoor.

I hope there's another firmware update on its way.
#4
Yet another reason to run a 3rd-party firmware - Tomato, DD-WRT, etc.