c******n 发帖数: 16666 | 1 https://www.reddit.com/r/netsec/comments/7svj9w/asus_routers_lanside_
unauthenticated_remote_code/
>> Background and summary
AsusWRT is the operating system used in mid range and high end Asus routers.
It is based on Linux, but with a sleek web UI and a slimmed down profile
suitable for running on resource constrained routers.
Thankfully ASUS is a responsible company, and not only they publish the full
source code as required by the GPL, but they also give users full root
access to their router via SSH. Overall the security of their operating
system is pretty good, especially when compared to other router
manufacturers.
However due to a number of coding errors, it is possible for an
unauthenticated attacker in the LAN to achieve remote code execution in the
router as the root user.
A special thanks to Beyond Security SecuriTeam Secure Disclosure (SSD)
programme for disclosing these vulnerabilities to the manufacturer, speeding
the resolution of the issues discovered (see [1] for their advisory). | z*********e 发帖数: 10149 | | a*o 发帖数: 19981 | 3 这些个安全漏洞类的问题讲真的尔等草民也没啥好操心的,辣么多大公司有钱人hacker
都忙不过来谁稀罕hack你一个家庭网络? |
|