ASUS官網 4月24日更新 RT-AC68U/ AC56U/ N56U 固件版本 v3.0.0.4.374_5656

白巨斗 · 发表于 2014-4-24 13:14:57

本帖最后由 ada_qian 于 2014-5-12 09:30 编辑

ASUSWRT 4月24日發佈FW v3.0.0.4_374_5517啦
支持的路由器有：RT-AC68U，RT-AC56U，RT-N56U

更新內容參见附件

20140421- 3.0.0.4 build 374 extend no5656

RT-AC68U/ AC68R/ AC68W

Securityrelated issues:

1.Fixed password disclosure in source code when adminstrator logged in.

2. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSLversions are not vulnerable to heartbleed bug.

Others:
1.Fixedwake on lan magic packet sending issue.
2.Fixedfalse alarm for samba and ftp permission.
3.FixedIPv6 related issues.
4.Samba/media server/ iTunes server name can be changed.

Specialthanks for David and Joaquim Brasil de Oliveira’sresearch

CVE-2014-2719 http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
CrossSite Scripting: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2925

RemoteCommand Execution: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5948

RT-AC56U/ AC56R

Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS(Cross Site Scripting) vulnerability
4. Fixed CSRF(Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can beconfigured in - Administration--> System
6. Included patches related to network map. Thanks for Merlin'scontribution.
7. Fixed password disclosure in source code whenadminstrator logged in.

8. Changed OpenSSL Library from 1.0.0.b to 1.0.0.d. Both OpenSSLversions are not vulnerable to heartbleed bug.

Others:
1. Added universal beamforming to enhance the wireless speed fornon 802.11ac devices
2. Fixed IPTV related issues.
3. Modified the 3G/LTE dongle setting process in quick internetsetup wizard.
4. Fixed the Cloud sync problem
5. Fixed Parental control check box UI issues.
6. Modified the FTP/ Samba permission setting UI
7. Modified media server setting UI
8.Samba/media server/ iTunes server name can be changed.
9. Dual wan fail over now support fail back
10.Fixed wake on lan magic packet sending issue.
11.Fixed false alarm for samba and ftp permission.
12.Fixed IPv6 related issues.
13.Supported HFS+
14.Supported Time machine

Specialthanks for David and Joaquim Brasil de Oliveira’sresearch

CVE-2014-2719 http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
CrossSite Scripting: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2925

RemoteCommand Execution: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5948

RT-N56U

Security related issues:
1. Fixed remote command execution vulnerability
2. Fixed parameters buffer overflow vulnerability
3. Fixed XSS(Cross Site Scripting) vulnerability
4. Fixed CSRF(Cross Site Request Forgery) vulnerability
5. Added auto logout function. The timeout time can beconfigured in - Administration--> System
6. Included patches related to network map. Thanks for Merlin'scontribution.
7. Fixed password disclosure in source code whenadminstrator logged in.

Others:
1. Fixed IPTV related issues.
2. Modified the 3G/LTE dongle setting process in quick internetsetup wizard.
3. Fixed Parental control check box UI issues.
4. Modified the FTP/ Samba permission setting UI
5. Modified media server setting UI
6.Samba/ media server/ iTunes server name can be changed.
7.Fixed wake on lan magic packet sending issue.
8.Fixed false alarm for samba and ftp permission.
9.Fixed IPv6 related issues.

Specialthanks for David and Joaquim Brasil de Oliveira’sresearch

CVE-2014-2719 http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html
CrossSite Scripting: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2925

RemoteCommand Execution: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5948

微信扫一扫，阅读更方便^_^