Remote code execution in Asus router firmware

Warning to users of Asus firmware:<p>In the Administration &gt; Firmware Upgrade tab, never rely on their [Check] version button. It&#x27;s consistently inaccurate. It&#x27;s a long-known (and serious) flaw that&#x27;s been like this since day one of these products and still to this day. It&#x27;ll happily report, <i>&quot;The router&#x27;s current firmware is the latest version.&quot;</i>, even if it&#x27;s months behind in vulnerability fixes. Go to Asus&#x27; site for the latest firmware then use the upload option to upgrade. Or, probably better yet, don&#x27;t use their firmware.

Asus released updated firmware it seems, that was quick!<p><a href="http://www.asus.com/ie/Networking/RTAC66U/HelpDesk_Download/" rel="nofollow">http:&#x2F;&#x2F;www.asus.com&#x2F;ie&#x2F;Networking&#x2F;RTAC66U&#x2F;HelpDesk_Download&#x2F;</a>

Worst case is that all publicly accessible routers were rooted en-masse within an hour of this announcement. My solution is an offline factory reset and firmware update.<p>Is there any risk of persistent root on these devices?

Been using &gt; <a href="https://code.google.com/p/rt-n56u/" rel="nofollow">https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;rt-n56u&#x2F;</a> on Asus RT-N56U for more then a year now. No issues at all. This firmware is maintained by &quot;Andy Padavan&quot; Changelog here &gt; <a href="http://rt-n56u.googlecode.com/git/changes.eng.txt" rel="nofollow">http:&#x2F;&#x2F;rt-n56u.googlecode.com&#x2F;git&#x2F;changes.eng.txt</a> Latest update was yesterday. You can use Entware package manager to install any of this packages here &gt; <a href="http://entware.wl500g.info/binaries/entware/Packages.html" rel="nofollow">http:&#x2F;&#x2F;entware.wl500g.info&#x2F;binaries&#x2F;entware&#x2F;Packages.html</a>

Question- Lets say you patched this &#x27;too late&#x27; - Would doing a hard reset of the router by holding the reset button of the router actually remove any backdoors&#x2F;exploits? Or is it the case if someone gets root that backdoor will be persistent forever and your only hope is to get a new router? My understanding is that the factory reset only resets the configuration options and does not physically reimage the OS.

There is also a project that provides an open firmware for some of the vulnerable Asus routers:<p><a href="https://code.google.com/p/rt-n56u/" rel="nofollow">https:&#x2F;&#x2F;code.google.com&#x2F;p&#x2F;rt-n56u&#x2F;</a><p>It seems to be active. I&#x27;ve been thinking of switching to it from a stock rt-n56u. Anyone have any experience using this firmware?

Is this vulnerable from the LAN-side only or from the WAN side?

In case it wasn&#x27;t obvious: yet another case of shooting yourself in the foot with your amazing C skills... Will people ever learn to avoid this, since 99,9% of all C programmers simply aren&#x27;t good or meticulous enough to write network-facing code in a safe manner?

An easy hack for disabling many of these additional &quot;features&quot; is just to overload the port by forwarding it to a non-used IP:port.<p>This is only really useful for the Internet side of things for standard manufacturer&#x27;s firmware or if you&#x27;re using WRT.<p>For new routers, this is standard practice for me until a WRT option becomes available. Sometimes you can&#x27;t, I remember not being able to overload something on a Linksys EA6500.

NSA diode candiate, unfortunately :(<p>For edge devices, it&#x27;s a criminal that high security standards are not more pervasive. Though given the nature of retail products, it&#x27;s not a big surprise even though it is still disappointing. (How many of these boxes even work for longer than 5 minutes without spontaneously rebooting (crashing) or having a xfer rate within an order of magnitude of the channel bandwidth?)<p>PS: If there were a minimal OpenBSD&#x2F;(x86|arm) based pfSense-alike project that could be easily themed, minified and plugin-ed, that would rock... and potentially dramatically reduce the attack surface by reducing the duplication of awful embedded web app implementations. (Yes, there are DDWRT and other Linux embedded network gear projects and pfSense (which is great)... OpenBSD for fewer lines of code.) It seems like what might happen going forward because the existing vendor stacks are often terrible and likely expensive for them to maintain. (Kickstarter for hw+sw or enterprise &quot;crowd&quot;-funded perhaps.)<p>Folks requesting pfSense ARM support: <a href="https://forum.pfsense.org/index.php?topic=34707.0" rel="nofollow">https:&#x2F;&#x2F;forum.pfsense.org&#x2F;index.php?topic=34707.0</a>