Critical vulnerabilities in numerous ASUS routers

If you haven&#x27;t already, go replace your firmware with OpenWRT:<p><a href="http://wiki.openwrt.org/toh/start#asus" rel="nofollow">http:&#x2F;&#x2F;wiki.openwrt.org&#x2F;toh&#x2F;start#asus</a><p>It&#x27;s a much better UI experience, performs better, and with better stability than most OEM firmwares, and it&#x27;s open source so you can inspect&#x2F;recompile the code as needed to satiate your security concerns, install arbitrary software, etc.<p>This is literally the first thing I do with every router I pull out of the box.<p>Unfortunately, ASUS&#x27;s devices tend to use the Broadcom 47xx series chipsets in general, which tend to be not as well supported as newer chipset like the Atheros 7k and 9k variants, which are in most of the recommended devices these days.

The first vulnerability listed isn&#x27;t a huge deal; it only applies when AiCloud is activated, which I suspect most people don&#x27;t.<p>On the other hand, the second vulnerability listed--that UPnP is <i>available on the @#%( WAN port</i>--should have people incredibly upset.

Given the recent NSA revelations, and the various posts discussing software and hardware backdoors, this vulnerability sent me into full-blown paranoia mode.<p>You can&#x27;t trust web service providers, you can&#x27;t trust your ISP, you can&#x27;t trust your gov&#x27;t, you can&#x27;t trust hardware providers. Jesus H. Christ, is there anything left to trust?<p>I&#x27;m starting to feel that by the simple act of connecting a device to the Internet I&#x27;m already compromised which makes me feel dirty.<p>I guess Richard Stallman isn&#x27;t so crazy after all for demanding open source hardware (well, he&#x27;s actually demanding &#x27;free&#x27; hardware). I know that DD-WRT is an open source router firmware, but I&#x27;m not sure whether high-end routers support it.

This kind of consumer NAT boxes have a history of being like swiss cheese. Only use them in bridge mode!

Oh neat, I&#x27;ve got one of these!<p>But I&#x27;ve got DD-WRT on there, so I&#x27;m... good to go?<p>uPNP has been a no-go security wise for a while now though, hasn&#x27;t it?

I have RT-N12, it&#x27;s not on the list. Am I safe, is there some kind of test that would indicate if I&#x27;m vulnerable?

toastman builds have been solid for me: <a href="http://www.4shared.com/dir/v1BuINP3/Toastman_Builds.html" rel="nofollow">http:&#x2F;&#x2F;www.4shared.com&#x2F;dir&#x2F;v1BuINP3&#x2F;Toastman_Builds.html</a><p>also great: <a href="http://tomato.groov.pl/download/" rel="nofollow">http:&#x2F;&#x2F;tomato.groov.pl&#x2F;download&#x2F;</a>

OpenBSD on either Soekris or ALIX and you are done.

Thanks for this post. I am installing ddwrt today!