1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

AI Protection Exploit asuswrt 3.0.0.4.376_1071 LAN Backdoor Command Execution (CVE-2014-0583)

Discussion in 'ASUS Wireless' started by draohnjeii, Apr 24, 2018.

  1. draohnjeii

    draohnjeii New Around Here

    Joined:
    Apr 24, 2018
    Messages:
    2
    I'm seeing Exploit asuswrt 3.0.0.4.376_1071 LAN Backdoor Command Execution (CVE-2014-0583) in my AI Protection log. Does this mean that one of the systems on my LAN is compromised? When I read about this vulnerability, it shows that its a LAN based attack. I have been running Asuswrt-Merlin 384.4_2 on my RT-AC3200
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,975
    Location:
    Canada
    No, it means that something tried to exploit that issue, which has been fixed years ago. Therefore nothing to worry about. You can determine who tried to access that by looking at the source in the log. It's probably from the WAN, looking for people with exposed routers.

    That IPS is doing more harm than good so far IMHO. Most users don't have the technical know-how to properly understand its reports. What it does is more about showing off that it's blocking something than providing an actual security improvement.
     
    unsynaps likes this.
  4. draohnjeii

    draohnjeii New Around Here

    Joined:
    Apr 24, 2018
    Messages:
    2
    Wow a response from the man himself! The AI Protection screen shows the source IP address which is an external IP address, I just got nervous because the vulnerability is described as a LAN vulnerability, so I was thinking it could only be attempted to be exploited internally from my network.

    So you recommend actually disabling AI Protection altogether? You're saying the router has those vulnerabilities patched anyway, so even if it didn't block the malicious packet, it wouldn't be able to exploit the vulnerability anyway so its basically redundant protection?
     
  5. Insight

    Insight Occasional Visitor

    Joined:
    Jul 15, 2017
    Messages:
    29
    Thats pretty cool. I just had the same alert as well coming from an IP based in Brazil. Not too much on the web of that address so far but interesting to see on these forums.

    Are you saying it's blocking more than is should or just causing panic with end users? I like the feature myself, especially since Asus has had some trouble in the past with vulnerabilities.
     
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,975
    Location:
    Canada
    It's just causing unnecessary panic. The router's firewall was already blocking these connection attempts, because as hinted by the description. that exploit only worked within the LAN, or if you had the router's firewall disabled.
     
  7. bblearner

    bblearner New Around Here

    Joined:
    Oct 8, 2018
    Messages:
    1
    Hi, unfortunately my Asus is showing in the AI protection report that the Exploit Asuswrt connection attempt is coming from an INTERNAL IP address on my network, actually from my laptop. The log is pretty consistent with when my pc is on, so it's no coincidence. Is it a fair assumption that my pc is infected?I'm running Eset NOD32, regular scans, etc etc, and it shows nothing, but I did have a recent serious security breach through RDP on another computer on the network. Thanks for any help.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!