« previous next »
Pages: [1]

Author Topic: WZR-HP-G450H (DD-WRT) & Heartbleed bug  (Read 3999 times)

JaniN83

  • Calf
  • *
  • Posts: 28
WZR-HP-G450H (DD-WRT) & Heartbleed bug
« on: April 11, 2014, 12:47:00 PM »
I have the latest professional firmware (official) installed on the device. When will Buffalo release a new version with the Heartbleed bug fixed, or will they ever? Or would you recommend one from the DD-WRT website? If yes, which one? Thanks.
Logged

coreyh2

  • Calf
  • *
  • Posts: 4
Re: WZR-HP-G450H (DD-WRT) & Heartbleed bug
« Reply #1 on: April 14, 2014, 03:58:56 PM »
From what I've read on the forums its sounds like the fix is only in the source control SVN and builds haven't been made for all models yet.

Although if you aren't using the services listed in here
http://www.dd-wrt.com/site/content/heartbleed-dd-wrtdd-wrt-online-services

You don't have to worry about remote attacks on your router from this exploit. The most common services would be allowing remote administration using ssl and VPN.

You can try online tests on your ip to check

like
https://filippo.io/Heartbleed/
https://sslanalyzer.comodoca.com/

I just get timeouts on my WZR-HP-AG300H
Logged

JaniN83

  • Calf
  • *
  • Posts: 28
Re: WZR-HP-G450H (DD-WRT) & Heartbleed bug
« Reply #2 on: April 14, 2014, 10:57:58 PM »
Hi and thanks for the reply.

My test also ended up in a timeout, I guess it's more of my DSL modem's problem than router problem. But since it was a timeout seems my DSL modem is safe from the attack also.

Anyway, I'm on version "DD-WRT v24SP2-MULTI (09/27/12) std (SVN revision 20025)" on the router, so would you recommend the use of these other DD-WRT firmwares and which one would you suggest?
Logged

coreyh2

  • Calf
  • *
  • Posts: 4
Re: WZR-HP-G450H (DD-WRT) & Heartbleed bug
« Reply #3 on: April 15, 2014, 02:09:37 AM »
there is this thread in this forum for your router.
http://forums.buffalotech.com/index.php?topic=18366.0

If your router is safe from the attack with how its configured and its working you might not want to update.  I'd just wait until that thread updates with a build with the fix and then decide based how well the build is working for other people with your router.

I don't have your router so I can't recommend one myself.
Logged

coreyh2

  • Calf
  • *
  • Posts: 4
Re: WZR-HP-G450H (DD-WRT) & Heartbleed bug
« Reply #4 on: April 16, 2014, 05:48:02 PM »
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260167

BrainSlayer said
Quote
https nor ssh is affected in all builds. https uses matrixssl and dropbear uses tomcrypt.

openssl is used for freeradius, openvpn, tor, asterisk

so if you have a small router with 4 mb flash, you arent affected since openssl is not even included. if you use a big router with openvpn, you might be affected if tls is used. next beta builds will fix that issue.

So I was wrong amount remote administration with ssh being effected. If you don't use those services you don't have to worry.
Logged
Pages: [1]
« previous next »