Menu
What's new
By:
Filters Better Search

Unexplained 'hacks' into Asus routers

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Is the user "honza" legit?
 
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
 
Simple, the exploit retrieved that information from the router.
 
hggomes said:
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
Click to expand...
Is this really fix?
Should I completely wipe my nvram and storage before install?

Odesláno z mého SM-G935F pomocí Tapatalk
 
I'm not 100% sure if that will fix this specific vulnerability, but you can give it a try and check the results, but you would probably need to enabled once again WebUI Remote Access.
 
blbeczech82 said:
And my login and password was stolen as readable or just used hashed?

Odesláno z mého SM-G935F pomocí Tapatalk
Click to expand...

You should change the password no matter what.
 
ColinTaylor said:
So they're not hashed, they're plain text!
Click to expand...

Wonderful...

about 20 years back - I hid the user password in an APP.ini file for a Windows app I was working on - at the time, base64 seemed reasonable - and I caught holy hell for that one ;)

Oh well - sins of the fathers...
 
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..

Screenshot 2017-01-05 at 8.58.20 PM.png


If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...
 
Last edited:
hggomes said:
380.65 / 380.4180:

- Fixed a security vulnerability regarding XSS.
- Fixed a security vulnerability regarding CSRF.
- Added protection for Brute-force attack.
Click to expand...

Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
 
RMerlin said:
Asus fixed some security issues in 380.4180, and I fixed an additional security issue on my own. However I have no way of knowing if any of these fixes from either Asus or myself will cover the recent incident.

In any case, I forwarded what info I had to Asus, and will proceed with backporting all of these fixes in a 380.64_1 release. I just need time to compile and test all of those firmwares (the new PC parts can't get here soon enough!).
Click to expand...
I hope the Asus guys will take this one serious. Could potentially be a 'Linksys sized' issue.
 
sfx2000 said:
Just as an FYI...

hulk says smash - I'm going in thru a Chromebook of all things...

Guest Network enabled... we're going thru the web interface...

I'm posting on the same connection - yes, the unauthenticated connection on the router...

I will not disclose publicly how this was done - but I've access to the HTTP server, and since it runs as root, I've got root..

View attachment 8178

If there are any forum members also in the San Diego, CA area - I'd like to borrow your router for a couple of days...

I can loan you another AC1900 class router in the interim...

PM me if you want to help out...
Click to expand...

Could you try to "smash" Merlin's new .64_1 in the same way?

Odesláno z mého SM-G935F pomocí Tapatalk
 
blbeczech82 said:
Is this really fix?
Should I completely wipe my nvram and storage before install?

Odesláno z mého SM-G935F pomocí Tapatalk
Click to expand...
try latest AsusWRT 4180, open webui to wan and watch log.
After install this fw do factory default and configure You router.
 
You must log in or register to reply here.

Similar threads

Wutikorn
Was my router's username and password hacked?
11 12 13
Replies
258
Views
50K
martinr
M
Similar threads
Thread starter Title Forum Replies Date
jixiangyuan ASUS GT-BE98 Firmware version 3.0.0.6.102_34372 - 2024/04/23 ASUSWRT - Official 10
bbunge Release ASUS RT-AC66U B1 Firmware version 3.0.0.4.386_51685 2024/04/15 ASUSWRT - Official 3
Intrepid Release ASUS RT-AC68U Firmware version 3.0.0.4.386_51685 (2024/04/15) ASUSWRT - Official 20
P ASUS RT-AX58 - Firmware version 3.0.0.4.388.24762 ASUSWRT - Official 9
PR3MIUM Release ASUS GT-BE25000 Firmware version 3.0.0.6.102_33570 ASUSWRT - Official 1
P Asus Router tuf ax4200 log enquiry ASUSWRT - Official 0
R Is Asus RT AX3000 v2 going to receive a firmware update? ASUSWRT - Official 15
T ASUS RT-AX55U\56v2 Firmware version 9.0.0.4.386_52297-g05e2188 ASUSWRT - Official 3
visortgw Release ASUS RT-AX88U Firmware version 3.0.0.4.388_24209 (2024/03/29) ASUSWRT - Official 17
L Release ASUS RT-AC86U Firmware version 3.0.0.4.386_51925 (2024/03/29) ASUSWRT - Official 10

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 882 (members: 18, guests: 864)
Top