anotherengineer
Senior Member
Is asus wRT or merlin affected by this?
https://arstechnica.com/information...rable-to-attacks-that-execute-malicious-code/
https://arstechnica.com/information...rable-to-attacks-that-execute-malicious-code/
open WRT security hole
- Thread starter anotherengineer
- Start date
ColinTaylor
Part of the Furniture
CrystalLattice
Regular Contributor
asuswrt and asuswrt-merlin are basically unusable: https://www.cvedetails.com/vulnerab...&sha=1246a655228426974d68bcfe7fe98d09ed0e10ca
as documented by merlin to me on this blog, he just gets the BLOB from Asus, then does his minor tweaks, and doesnt really emphasize security.
20 openwrt developers have mitigated the above issue in the last 3 firmware upgrades, and are working on using https to deliver upgrades. no attacks reported. i'm sure colin taylor will have a politically motivated response to the facts!
Really ? Looking down the list you cite , all the firmware shown has already been updated .
Adamm
Part of the Furniture
Might want to loosen up that tinfoil hat there, I think its cutting off circulation
What's your point here? Those security holes are long fixed. And half of them aren't even related to Asuswrt, but to other Asus devices. Your list includes a security issue with their touchpad...
Also, try the same query using Netgear, TP-Link, D-Link, and so on... Then, look at the average severity score of all of these.
You tell me which one is the most "unusable" of the lot.
I'm the one who tightened file permissions, reduced execution privileges on some daemons like avahi, added OpenVPN support, upgraded to OpenSSL 1.1.1, removed the ability to execute commands over a web page, added SMB 2.0 support, added FTP TLS support. Your statement is incorrect.
EDIT: oh, and I forgot. I added HTTPS support to the webui before Asus did. Also, I disabled SSLv3 support and enforced more secure ciphers before they did.
You're welcome.
Last edited:
I refuse to implement automatic firmware upgrade for this specific reason: security.
As for Asus, they have been implementing RSA signing to their firmware updates for quite some time now. They are ahead of OpenWRT in that aspect.
Take no notice Eric, this guy pops up with his anti ASUS agenda every few months , maybe somebody piddled on his cornflakes this morning.
I know. However I felt it was important to point out the numerous security enhancements I have added to this firmware (many of which are also available in the stock firmware now), in case someone else came to this thread through a Google search.
anotherengineer
Senior Member
Good stuff. thanks for the feedback guys.
Over the years you have, bit by bit added a massive amount to the ASUS router.
I know that only too well , having recently retired my AC3200 and replaced it with the AX92U twin pack , I turned them on and was stunned to see the ASUS GUI , it is at least 50% smaller than Merlin.
I had to check twice to be sure there wasn't a problem with the firmware , it made me realise exactly how much work you have done over the last 5 years.
Last edited:
Similar threads
- SocratesBackup
- Asuswrt-Merlin
Similar threads
Similar threads
-
AX56 aimesh node shows open access (no password or security)- Started by Labdoc
- Replies: 5
-
Unknown service with TCP port open on the WAN interface of the router
- Started by collations_interrena
- Replies: 11
-
Windscribe Open VPN Config issue on AX 86U pro running merlin 3006.102.5
- Started by rd1600
- Replies: 0
-
-
Issues with wireless disconnects AT68U / Merlin-WRT FW 386.14_2 on specific activity...
- Started by roosta113
- Replies: 10
-
-
-
Security Problem on Asus RT-BE88U same on RT-AX88U Dual WAN Enabled
- Started by Panopticon
- Replies: 1
-
[Security] SSH port opened to WAN even though "Enable SSH" is set to "LAN only"
- Started by ppfoong
- Replies: 3