› UKTH forums › 🛜 Wireless Routers & Modems › ASUS & Wireless › many Asus routers compromised Here more infos about this serious backdoor, which can only be removed with newest (patched) firmware and factory-reset, as it is written into NVRAM. https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers This topic was modified 11... › Reply To: many Asus routers compromised Here more infos about this serious backdoor, which can only be removed with newest (patched) firmware and factory-reset, as it is written into NVRAM. https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers This topic was modified 11…
Looks good, I assume you are not using IPv6 and under Firewall > General, the Enable Firewall radial button is Selected.
Just be mindful, ASUS routers (Network Services Filter) blocks LAN to WAN packet exchanges and by default ASUS routers block all connections from WAN to LAN.
That’s why part of the objective of this compromise is to enable Remote SSH on port 53282 and the above ruleset stops any traffic leaving via the WAN.
If you are still concerned, try GRC SHIELDSUP (https://www.grc.com) test on the router to see if all ports are in Stealth mode and then try the specific port 53282 just to make sure you are still safe and not compromised in any way.
For Clarity:
CVE-2023-39780 requires authentication for exploitation. This means an attacker must first gain access to the router—either by logging in with valid credentials or bypassing authentication through other vulnerabilities—before they can exploit this flaw.
https://nvd.nist.gov/vuln/detail/CVE-2023-39780
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote