RT-68U (Firmw 384.8.2) Vulnerabilities revealed by zANTI

Discussion in 'Asuswrt-Merlin' started by brumac, Jan 11, 2019.

  1. brumac

    brumac New Around Here

    Joined:
    Jan 11, 2019
    Messages:
    3
    Good morning, I am not an expert and need help.
    Yesterday I tested the vulnerabilities of my RT-68U (Firmware Asuswrt-Merlin 384.8.2) with zANTI.
    Result:
    Vulnerabilities (3):
    smb-vuln-cve2009-3103,
    http-slowloris-check, http-method-tamper
    Do I have to change the configuration?
    What should I do?
    Greetings to everyone!
    PS Google translator
     
  2. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,361
    Location:
    United Kingdom
    For starters, run the Router Security Assessment on the AIProtection page.

    Did you look up the CVE on Google?

    Have you got SAMBA share enabled under USB Application?
     
    Last edited: Jan 11, 2019
  3. brumac

    brumac New Around Here

    Joined:
    Jan 11, 2019
    Messages:
    3
    I looked for CVE on Google. I did not understand anything. I apologize for my ignorance.
    On the AIProtection page, Enabled AiProtection is OFF! Router Security Assessment gives me 3 risks:
    Malicious Website Blocking enabled - No
    Vulnerability Protection enabled - No
    Infected Device Prevention and Blocking - No
    Better to activate everything? Can I trust Trend Micro?
    Thanks a lot for the answer!
    Bruno
     
  4. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    197
    It’s optional. It will ask you to read and accept the EULA before AiProtect features are enabled. Read it well before deciding. The router will send a significant amount of data, including all of your web browsing, to TrendMicro (which is a reputable, well-known AV company).

    Merlin trusts them enough to use AiProtect. Personally I don’t and evidence shows they’ve been negligent in the recent past. In September of 2018 a lot of their software was removed from the Apple Mac App Store because it was literally Chinese Spyware. They outsource product development and don’t bother to check if it’s safe. Shame on Apple too for letting it into their App Store. Read up on it.

    Besides that, opting into aggressive network-level data collection seems like a bad idea.
     
  5. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,361
    Location:
    United Kingdom
    I didn’t realise you had to enable AIProtection to run the security scan. So you could turn it on, run the scan and then turn it off if you wanted. But I’ve run all the AIProtection modules for several years without any qualms. And I remember a few years back that Merlin said he had run (or runs) most if not all the modules without hesitation. What’s good enough for Merlin is more than good enough for me.
     
  6. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,361
    Location:
    United Kingdom
    My memory isn’t quite up to speed: Merlin wrote, “I don't use the Infected Device detection. I only use the Vulnerability Protection feature.”. Nevertheless, I’m fairly certain that, in other posts over the years, Merlin has said words to the effect of his trusting AIProtection or certainly not distrusting it.

    Anyway, have a look on the forum and see what the consensus is, e.g.:

    https://www.google.com/search?q=asu...HM-wKHTpgDqUQrQIoBDAAegQIBBAJ&biw=320&bih=548
     
    Last edited: Jan 11, 2019
  7. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,844
    Location:
    Canada
    Considering cve2009-3103 specifically targets Windows, I doubt your scanning software is doing a good job at determining real issues there, as your router is using Samba, a completely different daemon. This is a false positive.
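
Added example, not part of the post above or of the thread: a small triage pass that applies the reasoning in that reply to a scan report. The finding names in the first post are nmap NSE script names; this sketch assumes the scanner's raw report is available in nmap's normal text format, and the sample report, the `PRODUCT_SPECIFIC` table and the function names are constructed for illustration.

```python
import re

# Constructed sample in nmap normal-output style; not taken from the thread.
SAMPLE = """\
PORT    STATE SERVICE     VERSION
80/tcp  open  http        (constructed httpd banner)
| http-slowloris-check:
|   VULNERABLE:
|_    State: LIKELY VULNERABLE
| http-method-tamper:
|   VULNERABLE:
|_    State: VULNERABLE
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)

Host script results:
| smb-vuln-cve2009-3103:
|   VULNERABLE:
|_    State: VULNERABLE
"""

# Hypothetical rule table: script -> (port whose banner names the daemon,
# banner marker of a daemon the CVE does not cover, reason to report).
PRODUCT_SPECIFIC = {
    "smb-vuln-cve2009-3103": (445, "samba",
        "CVE-2009-3103 is a Windows SMB2 flaw, but port 445 is served by Samba"),
}

def parse(report):
    """Return ({port: version banner}, {script name: reported state})."""
    banners, findings, current = {}, {}, None
    for line in report.splitlines():
        if m := re.match(r"(\d+)/tcp\s+open\s+\S+\s*(.*)", line):
            banners[int(m.group(1))] = m.group(2).strip()
        elif m := re.match(r"\| ([a-z][a-z0-9-]*):\s*$", line):
            current = m.group(1)          # start of a script result block
        elif (m := re.search(r"State:\s*(.+)", line)) and current:
            findings[current] = m.group(1).strip()
    return banners, findings

def triage(report):
    """Label each finding; only product mismatches are called false positives."""
    banners, findings = parse(report)
    verdicts = {}
    for script, state in findings.items():
        port, marker, reason = PRODUCT_SPECIFIC.get(script, (None, None, None))
        if state.upper().startswith("NOT"):
            verdicts[script] = "not reported vulnerable"
        elif marker and marker in banners.get(port, "").lower():
            verdicts[script] = "likely false positive: " + reason
        else:
            verdicts[script] = "verify manually"
    return verdicts
```
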
     
  8. Dave Parker

    Dave Parker Regular Contributor

    Joined:
    Apr 22, 2015
    Messages:
    85
    Location:
    Marmaduke Ar.
    I've been using Merlin's firmware for several years, first on the N66U, then the AC68U, now on the AC86U. I have AIProtection enabled, SAMBA share enabled and guest login enabled. It's the only way I can access the Toshiba portable hard drive connected to the router. Nothing on it but backups. I'm still working on that. Mostly a learning thing. I trust Merlin's firmware and haven't had any problems with it. We live out in the sticks, closest neighbor is 1/4 mile away. I'm nobody from nowhere Arkansas. If the Chinese or anybody else wants to know that I shop at Amazon, and Wal-Mart, that I am a SNB forum member, a HowToGeek and Windows10 forum subscriber so be it. Who cares. A terrible waste of their time and resources.
     
  9. brumac

    brumac New Around Here

    Joined:
    Jan 11, 2019
    Messages:
    3
    I'm curious about it. I also trust the Merlin Firmware and I do not even have to hide.
    Thinking about vulnerabilities, they are perhaps false positives because I have not said one important thing:
    I have configured on my rt-68u VPN client (NordVPN) and also OpenVPN server (to communicate with my home network remotely)
    Perhaps it is the VPN that opens some protocols that then turn out to be false positives:
    Sorry for my ignorance on the subject and for my English!