ASUS router security issues # Hardware - Computer Hardware
c*n
Post #1
https://www.reddit.com/r/netsec/comments/7svj9w/asus_routers_lanside_unauthenticated_remote_code/
>> Background and summary
AsusWRT is the operating system used in mid-range and high-end Asus routers.
It is based on Linux, but with a sleek web UI and a slimmed-down profile
suitable for running on resource-constrained routers.
Thankfully ASUS is a responsible company, and not only do they publish the full
source code as required by the GPL, but they also give users full root
access to their router via SSH. Overall the security of their operating
system is pretty good, especially when compared to other router
manufacturers.
However, due to a number of coding errors, it is possible for an
unauthenticated attacker in the LAN to achieve remote code execution in the
router as the root user.
A special thanks to Beyond Security SecuriTeam Secure Disclosure (SSD)
programme for disclosing these vulnerabilities to the manufacturer, speeding
the resolution of the issues discovered (see [1] for their advisory).