search

padavanfirmware / rt-n56u

Padavan Firmware
http://padavanfw.net/
6 stars 4 forks source link

Security vulnerability #1444

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Can i ask you if that security vulnerability
http://habrahabr.ru/post/253013/
was fixed in custom firmware?

Asus fixed that recently for all its routers and i don't know if that fix was 
fetched to latest custom firmware.

Thanks

Original issue reported on code.google.com by Cuchuk.S...@gmail.com on 13 Mar 2015 at 7:40

GoogleCodeExporter commented 9 years ago 
According to the technical details I found on https://github.com/jduck/asus-cmd 
, the code causing the vulnerability seems to be "cleaned up" in the following 
git commit in 2012!
  https://code.google.com/p/rt-n56u/source/detail?r=72df1c1ff3d893df729ae99315e909c27bbdf18e
See the removed code:
  /trunk/user/infosvr/common.c:777
vs the added code:
  /trunk/user/infosvr/infosvr.c:130

If you are still suspicious, you can disable infosvr (the vulnerable service) 
using web GUI: "Administration" > "Services" > "Miscellaneous Services" > "ASUS 
Info Discovery Service"

Original comment by johnny.s...@gmail.com on 18 Mar 2015 at 6:20

GoogleCodeExporter commented 9 years ago 
Hi.

I see, you're doing so secure thing!

Thank you!

Original comment by Cuchuk.S...@gmail.com on 18 Mar 2015 at 6:57

GoogleCodeExporter commented 9 years ago

Original comment by Dr.Sydorenko.O on 21 Mar 2015 at 7:23