Asus Updates Router Firmware

Monday, October 14, 2013 @ 03:10 PM gHale


Asus has a new firmware package for some of its routers that mitigates a DNS Amplified distributed denial of service (DDoS) vulnerability on all the compatible devices.

The fix is Asus version 3.0.0.4.374.979. The update focuses on the Asus’ RT-AC66R, RT-AC66U, RT-N66U (Ver.B1), RT-N66R, RT-N16, as well as RT-N56U wireless routers.

RELATED STORIES
Router Flaw Reveals Password Info
Cisco Patches IOS Vulnerabilities
More Bug Fixes with Cisco
Cisco Patches ACS Server Vulnerability

Besides the DNS vulnerability, version 3.0.0.4.374.979 also resolves a throughput problem that can crop up with an enabled VPN server broadcast, and disables auto-mac clone (for Singapore SKU).

In addition, there is now a roaming assistance option in the Wireless → Professional menu, through which the administrator can help a user switch to a better AP signal faster.

Just last week an update became available for an Asus router that has an authentication bypass vulnerability found earlier this summer.

That vulnerability was in Asus’ RT-N10E brand of routers, sold primarily in Europe, China and South America. Asus is a Taiwanese electronics company.

The problem is once an attacker gains access to the device, they can make their way to a certain website and learn the device configuration without entering log-in credentials, said the a passage on Carnegie Mellon’s CERT Vulnerability Notes Database.

The vulnerability (CVE-2013-3610) allows attackers to view information – including the device’s administrator password – that should only be viewable to authenticated users, by being on the local area network.

Firmware update 2.0.0.25 fixes the vulnerable versions, 2.0.0.24 and earlier and also addresses two other, unrelated issues involving an “abnormal disconnection” and a problem with “IPTV connection stability after PPPoE reconnect.”



Leave a Reply

You must be logged in to post a comment.