Asus Router User – You’ve been pwned

I’ve just purchased a new router, it’s an Asus RT-AC56U, all was working well until a friend in IRC [thanks MartijnVdS] informed me of a security flaw. Essentially, if you’ve ever had a hard drive attached to the USB port on the router, have FTP enabled, which is on for various models, then in some situations you can see the entire contents of that external drive online. Understandably I panicked, but then realised, I’ve not got these functions enabled, and don’t have an external drive attached. I did though upgrade to the latest firmware and rebooted.

If you think this might affect you, then read this

http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/

You might want to think about upgrading your firmware and change any passwords. Possibly even disconnect your hard drive.

You may also want to make sure you’re IP isn’t on this page – http://pastebin.com/ASfYTWgw if it is then from a browser type ftp://ipaddress and see if you can see your files, if you’re unpatched they will appear which is utterly gobsmacking 😦

Don’t let yourself get caught out.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s