Author Topic: Heartbleed?  (Read 3768 times)

DXMage

  • Calf
  • *
  • Posts: 1
Heartbleed?
« on: April 11, 2014, 09:35:02 am »
Is Heartbleed a problem for any Buffalo routers?  If so how long before updated firmware is available? I understand that you might not want to publish a list of the vulnerable devices till updated firmware is available.  Silence on this issue would strongly suggest that all Buffalo network devices are vulnerable.  SO with that said can you provide any information regarding this problem?
« Last Edit: April 11, 2014, 11:41:47 am by DXMage »

MamaBrizi

  • Calf
  • *
  • Posts: 1
Re: Heartbleed?
« Reply #1 on: April 11, 2014, 11:37:26 am »
I would also love some additional information! It looks like anything using open source DD-WRT is indeed vulnerable. According to the list of products here, routers that use this technology include:

AirStation N300 DD-WRT Router - WHR-300HP2D
AirStation HighPower N300 DD-WRT Wirless Router - WHR-300HP
AirStation HighPower N300 Gigabit DD-WRT Wireless Router - WZR-300HP
AirStation HighPower N450 Gigabit DD-WRT Wireless Router - WZR-HP-G450H
AirStation HighPower N600 Gigabit DD-WRT Wireless Router - WZR-600DHP
AirStation N600 DD-WRT Router - WZR-600DHP2D
AirStation AC 1750 DD-WRT Router - WZR-1750DHPD

... So the question now is: Which products will be updated by Buffalo, and when can we expect it to happen??

Net7

  • Hating Disclaimers, and loving it.
  • Calf
  • *
  • Posts: 47
  • NeverEnoughBacon
Re: Heartbleed?
« Reply #2 on: April 11, 2014, 02:39:27 pm »
I think the real question is, are you using anything on your Buffalo product that MAKES it vulnerable...

If you dont use things like Remote Admin (IE accessing the Admin of the unit from OUTSIDE your local network), VPN, and a few other things, then it can have the flaw all it wants, but if its not externally accessible, its a non-issue...

Of course if your INTERNAL network gets compromised then they could exploit it from the local/internal network, but at that point, a 64k dump from your router is much less of an issue then the TROVES of information they can mine directly from your PC!


All that being said, asking for F/W updates from ANY company is like banging your head against a brick wall, trust me, my small network of Linksys router's are all now running UNSTABLE (by label only) DD-WRT TIP builds in order to keep up with the advancements and fix's the DD-WRT community provides...
Disclaimer: Buffalo doesn't write my check, consider me a Tech Enthusiast in love with NAS and Network Hardware. On the side I happen to enjoy helping others in need... sometimes... I do buy/referb/sell NAS units on "sites".
Disclaimer Disclaimer: I hate having to make Disclaimer's all the time.