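Posted by 白巨斗 on 2014-4-23 09:29:19

ASUS official website, April 16 update: RT-AC66U/N66U/N16 firmware version v3.0.0.4.374_5517

This post was last edited by ada_qian on 2014-5-12 09:30

ASUSWRT released FW v3.0.0.4.374_5517 on April 16.
Supported routers: RT-AC66U, RT-N66U, RT-N16, RT-N12 (REV.D1), RT-N12HP, RT-N10U

See the attachment for the update details.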
20140414 - 3.0.0.4 build 374 extend no 5517

RT-AC66U/AC66R
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS (Cross Site Scripting) vulnerability
5. Fixed CSRF (Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in Administration --> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to heartbleed bug.
Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internet setup wizard.
3. Fixed the Cloud sync problem
4. Fixed Parental control check box UI issues.
5. Modified the FTP/Samba permission setting UI
6. Modified media server setting UI
7. Samba/media server/iTunes server name can be changed.
8. Dual WAN fail over now supports fail back
9. Fixed Wake on LAN magic packet sending issue.
10. Fixed false alarm for Samba and FTP permission.
11. Fixed IPv6 related issues.

Special thanks for David and Palula’s research
CVE-2014-2719: http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
Remote command execution: http://seclists.org/fulldisclosure/2014/Apr/58
Reflected XSS: http://seclists.org/fulldisclosure/2014/Apr/59


RT-N66U/N66R/N66W
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS (Cross Site Scripting) vulnerability
5. Fixed CSRF (Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in Administration --> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to heartbleed bug.
Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internet setup wizard.
3. Fixed the Cloud sync problem
4. Fixed Parental control check box UI issues.
5. Modified the FTP/Samba permission setting UI
6. Modified media server setting UI
7. Samba/media server/iTunes server name can be changed.
8. Dual WAN fail over now supports fail back
9. Fixed Wake on LAN magic packet sending issue.
10. Fixed false alarm for Samba and FTP permission.
11. Fixed IPv6 related issues.

Special thanks for David and Palula’s research
CVE-2014-2719: http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
Remote command execution: http://seclists.org/fulldisclosure/2014/Apr/58
Reflected XSS: http://seclists.org/fulldisclosure/2014/Apr/59



RT-N16
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS (Cross Site Scripting) vulnerability
5. Fixed CSRF (Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in Administration --> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to heartbleed bug.
Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internet setup wizard.
3. Fixed the Cloud sync problem
4. Fixed Parental control check box UI issues.
5. Modified the FTP/Samba permission setting UI
6. Modified media server setting UI
7. Samba/media server/iTunes server name can be changed.
8. Dual WAN fail over now supports fail back
9. Fixed Wake on LAN magic packet sending issue.
10. Fixed false alarm for Samba and FTP permission.
11. Fixed IPv6 related issues.

Special thanks for David and Palula’s research
CVE-2014-2719: http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
Remote command execution: http://seclists.org/fulldisclosure/2014/Apr/58
Reflected XSS: http://seclists.org/fulldisclosure/2014/Apr/59


RT-N12HP
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake on LAN magic packet sending issue.
4. Fixed IPv6 related issues.


RT-N12D1
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake on LAN magic packet sending issue.
4. Fixed IPv6 related issues.


RT-N10U/N10U B1
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake on LAN magic packet sending issue.
4. Fixed IPv6 related issues.
5. Modified the FTP permission setting UI
6. Modified the 3G/LTE dongle setting process in quick internet setup wizard.

