Recent content by Qanan
-
Q
A few points of clarification on ASUS Security issues
Hey all, I know that there was a lot of information flying back and forth about the security issues myself and others reported both this and last year. I only do this because I respect Merlins software, but was troubled by some of the comments on this thread here...- Qanan
- Thread
- Replies: 2
- Forum: ASUS Wireless
-
Q
[VERY IMPORTANT] Asus routers are compromised.
FYI on Samba share issue The reports concerning attached HD's being vulnerable to wan side exposure, even if FTP is turned off is true, but it wasn't explained well in the article. The caveat to the bug is the ASUS firmware from July 13 closed that hole. I believe some were concerned by high...- Qanan
- Post #100
- Forum: ASUS Wireless
-
Q
possible security holes with RT-N66U
Initial tests of the firmware pulled today for the N66U show the basic holes have been filled. More in depth testing will take a bit, but since I'm not able to access $root, I think it's safe to say that it definitely made a positive difference. Ill drop a note here if we find otherwise.- Qanan
- Post #24
- Forum: Asuswrt-Merlin
-
Q
possible security holes with RT-N66U
The first problems were reported in Jan to ASUS by a researcher that found the xml's on the upnp port accessible. In March the $root problem was reported to them by another guy who found that $root had a built in PW which was also vulnerable. In June I reported to ASUS the proofs of how the...- Qanan
- Post #20
- Forum: Asuswrt-Merlin
-
Q
possible security holes with RT-N66U
What will really bake your noodle is the stuff I only disclosed to ASUS so far. Why even bother with hashing /shadow when they leave this in there? curl https://<IP>/smb/tmp/$dir/lighttpd/permissions -k -L Other stuff I won't disclose though, such as traversing to the admin panel is...- Qanan
- Post #10
- Forum: Asuswrt-Merlin