Thread: 2.0.0.7 Warning: Do NOT allow remote access

  1. #1

    2.0.0.7 Warning: Do NOT allow remote access

    Today, another forum user let me poke around his router's UI over the internet. That is, he allowed me to access his device from outside of his internal, protected network.

    He has installed the 2.0.0.7 version of the firmware, and while the UI is a lot more functional than its predecessor, it is fundamentally insecure.

    If you follow the link below, you will find a short (2 minute) screencast of how to bypass authentication with the 2.0.0.7 management interface:
    ASUS WL-700gE UI Authentication Bypass

    This is the worst security model I've ever seen implemented. It's absolutely ridiculous. Under no circumstances should your router allow access to the management UI from the public internet -- doing so is putting your configuration, personal data, and internal network at risk.

  2. #2
    This exploit is for real, the new firmware 2.0.0.7 is not secure at all. The only security you have is that by default it's on port 8080, so there is some security through obscurity; but your router/network isn't safe from others if you have WAN access turned on. With just a few clicks you can have full admin access to create new users, find WEP keys, FTP data off or launch attacks on other computers on the network.

    I'm very disappointed with ASUS and hope when they release this firmware it has more security than a transparent overlay.

  3. #3
    Keep in mind that this image is not created by ASUS.
    It's the same as 1.0.4.60, only with a different web IF created by a Russian dude.

    Openwrt or Custom Firmware on asus? - http://wl700ge.hezik.nl/ - Http://wl700g.homelinux.net

    My ASUS collection: WL500gp(80GB usb-hdd - Running OpenWrt Kamikaze 7.09) | WL700gE(250GB - Running OpenWrt Kamikaze 8.09rc1)

  4. #4

    2.0.0.7 Firmware

    There are a large number of signs that point to the fact that this is official (but unreleased) ASUS firmware.

    1. The firmware is currently available on an FTP server running at ftp.asus.ru. While this is a Russian TLD, the registration is as follows:

    domain: ASUS.RU
    type: CORPORATE
    nserver: ns1.explosion.ru.
    nserver: ns2.roger.net.ru.
    state: REGISTERED, DELEGATED
    org: ASUSTeK Computer INC
    phone: +886 2 28943447
    fax-no: +886 2 28907898
    e-mail: alex_kim@asus.com.tw
    e-mail: alexey_voronkov@asus.com.tw
    registrar: REGTIME-REG-RIPN
    created: 1998.08.20
    paid-till: 2007.09.01
    source: TC-RIPN

    2. The user-interface still carries a great deal of ASUS branding, including copyright notices.

    3. There are hidden layers in the UI (much like the reboot layer shown in the screencast above) that are covered in Chinese characters. It's more likely that ASUS (based in Taiwan) put the Chinese characters there than an enthusiast working in Russia.

    Whether or not you're convinced, this appears to be ASUS developed software. Users of the WL-700gE can only hope that by the time the firmware is officially released that this UI will have been completely scrapped or at least overhauled. Further, until it's fixed, the router is completely useless from anywhere but inside your network at home. A lot of the allure of the device is that you can manage your downloads remotely, but I wouldn't dare do that with such an insecure UI.

  5. #5

    Allowing remote access to UI

    I have a WL520GU. How would I allow remote access to the UI? I would think it's related to SNMP, but I'm totally at a loss about how to go about it. Does anyone know how to allow remote management access to my WL520GU so a technician can debug why my VoIP is not working behind it?
    Thanks!
