What's new

News How a code re-use issue led to vulnerabilities in AsusWrt(-Merlin) and multiple other products

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

The one affecting Asuswrt is CVE-2022-26376. Judging from the report, if your firmware is ASUS 3.0.0.4.386_48706 / Merlin 386.1 or later you are not vulnerable.
 
Talos contacted me at the time to notify me of the CVE-2022-26376 issue, and I fixed it with 386.7. The Talos report is slightly inaccurate there as it mentions 386.1 instead. I'll contact them about that.
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top