Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does anyone maintain a list like this one for vulnerabilities in open source router firmware ?


Given they are all continuously updating its unlikely such a list would exist. The way this usually works for open source software is that the vulnerability isn't made public until the software patch has already been issued and its very rare to get anything other than "security issue fixed" in the changelogs anyway. The answer should be on the latest version of the firmware no outstanding known vulnerabilities or very few.

The entire problem is that most of these routers haven't received updates in years from the manufacturers, they are abandoned. The open source firmware's are not abandoned and are continuously getting updates for their underlying packages from Linux/NetBSD even if they aren't doing substantial development themselves. What vulnerabilities that do exist and are not getting fixed will be in the hardware binaries for wifi for the FreshTomato supported routers and those usually listed as poor or no wifi support in openWRT, that is about it.


The last release of Gargoyle was last year, and Shibby Tomato went silent several years ago, probably taking a lot of older routers out of 3rd-party ROM updates.

Many router ROMS don't come out as often as is necessary to address exploits in a timely manner.


Most router ROMs are developed in the same haphazard fashion as phone ROMs on xda-developers. Only a few like OpenWRT are actually run like a desktop Linux distro, with a well-defined and managed release process and stable branches.


Gargoyle is based on OpenWRT, but has extensive options for bandwidth control of individual devices/MACs, plus the ability to force everything to use Tor.

I don't know how UDP would work over that routing, and if QUIC would work (at all).

I imagine that this can be done with OpenWRT, but many plugins and custom configuration would be required to achieve equivalent functionality.


Last time I checked, Gargoyle's QoS system consisted almost entirely of obsolete 1990s-style manual classification and prioritization. The only interesting capability it offered was a feature to try to estimate the actual bandwidth you were getting from your ISP in realtime, to tune the overall bandwidth limits of the QoS system.

Unless it's been overhauled to incorporate the lessons of CoDel, fq_codel, CAKE and modern active queue management in general, the QoS portions of Gargoyle can be ignored as a time-wasting anachronism. You'll be better off with vanilla OpenWRT and its SQM package.


Thanks for the sage advice. I have some homework to do.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: