Some routers can limit the LAN side devices that are allowed to communicate with the web interface. The routers are being hacked from the LAN side by malware running on Windows PCs. The malware seems to be using existing, known bugs to infect the routers. ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks The bug also exists in Asus routers, both those running ASUSWRT (factory installed firmware) and the open-source firmware alternative known as Asuswrt-Merlin.īeen fixed in AsusWrt-Merlin as of version 386.7.
#Asus firewall builder Patch
FreshTomato issued a patch on May 6th.ĭD-WRT has not yet issued a patch. All three router firmware vendors were contacted on April 11, 2022. In each case, a specially crafted HTTP request can lead to memory corruption. The root cause in each case was a piece of code that had been taken from an open-source library owned by Broadcom. Talos found three vulnerabilities in open-source router firmware packages. Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple productsīy Francesco Benvenuto of Cisco Talos July 27, 2022 2022ĭD-WRT and Asus can not be bothered fixing bugs Articles that offer security advice are listed on the Other router security advice page. The flaws that are exploited are documented on the Bugs page. I am still waiting for a good news story about routers. Routers in the news, pretty much means routers getting exploited by bad guys to do bad things.
0 kommentar(er)
