Late version with Cmd tool

Shayne

Occasional Visitor
Hi

I am currently on Firmware:3.0.0.4.374.38_2

From the change logs was 374.40 (6-March-2014) the last version with tools - run cmd?

I am not national defense and security can be obtained elsewhere. Like this option and wondering where the merger began, I think 374.41 (18-Apr-2014), but confirmation would appreciate.

Understand reason and do appreciate all the wizard does.

Regards
 
It was removed for security reasons as it can be exploited via other webpages using such methods as XSS etc.

There's no reason you can't use SSH, it's much more secure and easier to use, not to mention when set up correctly with SSH keys you can log in with one click using xShell/PuTTY (faster than logging into the router GUI then navigating to the correct page).
 
That is what I did was read the change log? Was just looking for confirmation.

I can pageant SSH Authentication key in no problems. Without knowing a multi-character highly secure password and with ssh and telnet disabled what can they do? I think you are wrong about faster to run one command but that is a matter of opinion.

Regards
 
The Run Cmd page opens up the door to cross-site attacks. If you had a tab open on the router's web UI (any page at all), a malicious site open on another tab could then run ANY command on the router through a crafted URL.
 
Thank you, I do not use tabs I use multiple windows. I have tabs on a task bar I do not need dual tabs. We guess you would not implement it again with a disable/enable toggle and keep something different than Asus stock firmware?

Regards
 
No, because this would basically be a "please-p0wn-me" switch. And the same potential security issues could arise where a separate tab might be able to inject an enable switch inside an open webui page to re-enable it, opening the door wide open for running arbitrary commands.
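
The cross-site problem described in the two replies above, as an added example that is not part of the thread or of the firmware's code: a model of a web UI that authorises requests by session alone, beside a check that also requires POST, a same-origin request and a per-session token. The paths, origins, token values and sample requests are constructed for illustration; the point is that a forged request to an enable toggle passes the weak check exactly as a forged run-command request does.

```python
# Added illustration: all paths, hosts and field names are hypothetical,
# and the requests below are constructed samples.
from dataclasses import dataclass
import hmac

ROUTER_ORIGIN = "http://router.example"      # hypothetical web UI origin
SESSION_TOKENS = {"sess-1": "tok-8f2c"}      # session id -> anti-CSRF token (constructed)
STATE_CHANGING = {"/run_cmd", "/settings/enable_run_cmd"}  # hypothetical paths

@dataclass
class Request:
    method: str
    path: str
    session: str           # credential the browser attaches to every request to the router
    origin: str            # initiating site, as reported by the Origin/Referer header
    csrf_token: str = ""   # value only pages served by the router can read and send

def cookie_only(req: Request) -> bool:
    """Weak check: any request carrying a live session is accepted."""
    return req.session in SESSION_TOKENS

def hardened(req: Request) -> bool:
    """Live session, plus POST + same origin + per-session token for state changes."""
    if req.session not in SESSION_TOKENS:
        return False
    if req.path not in STATE_CHANGING:
        return True
    if req.method != "POST" or req.origin != ROUTER_ORIGIN:
        return False
    return hmac.compare_digest(req.csrf_token, SESSION_TOKENS[req.session])

SAMPLES = {
    "ui_run_cmd":     Request("POST", "/run_cmd", "sess-1", ROUTER_ORIGIN, "tok-8f2c"),
    "forged_run_cmd": Request("GET", "/run_cmd", "sess-1", "http://other.example"),
    "forged_enable":  Request("POST", "/settings/enable_run_cmd", "sess-1",
                              "http://other.example"),
    "ui_status_page": Request("GET", "/status", "sess-1", ROUTER_ORIGIN),
}

def evaluate(check):
    """Run one authorisation check over every constructed sample request."""
    return {name: check(req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    weak, strong = evaluate(cookie_only), evaluate(hardened)
    for name in SAMPLES:
        print(f"{name:15} cookie_only={weak[name]!s:5} hardened={strong[name]}")
```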
 
