Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw.

Discussion in 'Tomato Firmware' started by Taurus_G4, Feb 17, 2014.

  1. Taurus_G4

    Taurus_G4 Serious Server Member

    Hackers expose eight-month-old Asus weakness by leaving note on victims' drives.


    Not sure if Merlin's firmware is also compromised or not?
  2. koitsu

    koitsu Network Guru Member

    Details are here (and horribly formatted):

    None of the issues in question apply to Tomato-based firmwares. These are purely Asus-specific firmware problems.

    The issue mentioned in the .txt file, re: FTP server is publicly accessible by the world, also does not apply to Tomato-based firmwares; the stock defaults will not permit this. The user must add iptables exceptions/permissions for this to be possible.
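
The point in the post above, that FTP is only reachable from outside if someone adds an iptables exception, can be checked against a saved `iptables -S INPUT` dump. This is an added example, not part of the thread or of any Tomato code; the interface names `br0` and `vlan2` and the sample rules are assumptions constructed for illustration.

```python
import shlex

FTP_PORT = 21
LAN_IFACES = {"br0", "lo"}  # assumption: LAN bridge and loopback names; adjust per build

def _arg(tok, *flags):
    """Return the value following the first of `flags` present in the rule, else None."""
    for f in flags:
        if f in tok[:-1]:
            return tok[tok.index(f) + 1]
    return None

def _covers_ftp(spec):
    """True if a --dport/--dports value such as '21', '20:22' or '20,21' includes TCP/21."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= FTP_PORT <= int(hi or lo):
            return True
    return False

def wan_ftp_exposures(iptables_s_output):
    """List INPUT policy/rules that accept TCP/21 without being limited to a LAN interface."""
    findings = []
    for line in iptables_s_output.splitlines():
        tok = shlex.split(line)
        if tok == ["-P", "INPUT", "ACCEPT"]:
            findings.append(line.strip())  # default-accept exposes every listening service
        if tok[:2] != ["-A", "INPUT"] or _arg(tok, "-j") != "ACCEPT" or _arg(tok, "-p") != "tcp":
            continue
        ports = _arg(tok, "--dport", "--dports")
        if ports is None or not _covers_ftp(ports):
            continue  # only rules that name a destination port are considered
        iface = _arg(tok, "-i")
        negated = iface is not None and tok[tok.index("-i") - 1] == "!"
        if iface in LAN_IFACES and not negated:
            continue  # reachable from the LAN side only
        findings.append(line.strip())
    return findings

# Constructed sample in `iptables -S INPUT` format, not captured from a real router.
SAMPLE = """\
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i br0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i vlan2 -p tcp -m multiport --dports 20:22,8080 -j ACCEPT
"""
```

The check ignores rule order and jumps to user-defined chains, so treat each finding as a rule to review by hand rather than as proof of exposure.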
  3. RMerlin

    RMerlin Network Guru Member

    The FTP "issue" is simply people leaving FTP set to allow Anonymous usage by default. Just go to the FTP tab, and make sure it's set to only share with account (or actually disable it if you don't need FTP services).
