This post was last edited by ada_qian on 2014-5-12 09:30
ASUSWRT released FW v3.0.0.4.374_5517 on April 16
Supported routers: RT-AC66U, RT-N66U, RT-N16, RT-N12 (REV.D1), RT-N12HP, RT-N10U
See the attachment for the update details
README- ASUSWRT.rar
(13.83 KB, downloads: 795)
20140414 - 3.0.0.4 build 374 extend no 5517
RT-AC66U/AC66R
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS (Cross Site Scripting) vulnerability
5. Fixed CSRF (Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in Administration --> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to Heartbleed bug.
Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internet setup wizard.
3. Fixed the Cloud sync problem
4. Fixed Parental control check box UI issues.
5. Modified the FTP/Samba permission setting UI
6. Modified media server setting UI
7. Samba/media server/iTunes server name can be changed.
8. Dual WAN failover now supports failback
9. Fixed Wake-on-LAN magic packet sending issue.
10. Fixed false alarm for Samba and FTP permission.
11. Fixed IPv6 related issues.
Special thanks for David and Palula's research
CVE-2014-2719: http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
Remote command execution: http://seclists.org/fulldisclosure/2014/Apr/58
Reflected XSS: http://seclists.org/fulldisclosure/2014/Apr/59
RT-N66U/N66R/N66W
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed cross site scripting vulnerability
3. Fixed parameters buffer overflow vulnerability
4. Fixed XSS (Cross Site Scripting) vulnerability
5. Fixed CSRF (Cross Site Request Forgery) vulnerability
6. Added auto logout function. The timeout time can be configured in Administration --> System
7. Included patches related to network map. Thanks for Merlin's contribution.
8. Fixed password disclosure in source code when administrator logged in.
9. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSL versions are not vulnerable to Heartbleed bug.
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake-on-LAN magic packet sending issue.
4. Fixed IPv6 related issues.
RT-N12D1
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake-on-LAN magic packet sending issue.
4. Fixed IPv6 related issues.
RT-N10U/N10U B1
Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS (Cross Site Scripting) vulnerability
4. Fixed CSRF (Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can be configured in Administration --> System
6. Included patches related to network map. Thanks for Merlin's contribution.
7. Fixed password disclosure in source code when administrator logged in.
Others:
1. Fixed IPTV related issues.
2. Fixed Parental control check box UI issues.
3. Fixed Wake-on-LAN magic packet sending issue.
4. Fixed IPv6 related issues.
5. Modified the FTP permission setting UI
6. Modified the 3G/LTE dongle setting process in quick internet setup wizard.