Linksys BEFSR11, BEFSR41, BEFSR81, & BEFSRU31 Routers *f

KompresZor · Post by **KompresZor** » Thu Jul 01, 2004 3:14 pm

A vulnerability has been identified with the BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers

A flaw in the built-in DHCP server causes the routers to send BOOTP reply packets that contain sensitive information about traffic running through the devices as well as other random information about the router's configuration.

Link to firmware

Fixed in this version 1.45.11

1. Fixed CGI string attacks issue
2. Fixed UPnP on Windows XP SP2 issue
3. Fixed One way audio issue
4. Fixed NAT-T issue for some VPN connection
5. Fixed DHCP server revision, fill the siaddr to the server address
6. Fixed DHCP (BOOTP) vulnerability issue
7. Added Filter IDENT(port 113) to appear stealth when scanned
8. Added DHCP option 55 support
9. Fixed buffer leakage bug
10. Modified TCP Support RFC 3360 standard
11. Modified PPPoE/L2TP/PPTP fragmentation supports fragmenting 1 packet into more than 3.
12. Modified MTU/MRU function for better handling

so far it didn't break anything

AceCombat · Post by **AceCombat** » Thu Jul 01, 2004 3:33 pm

nice.....thanks for the link

Grendel · Post by **Grendel** » Thu Jul 01, 2004 3:33 pm

Thx for the notice -- going to fix the one here..

DCrazy · Post by **DCrazy** » Thu Jul 01, 2004 4:23 pm

Note that a new version is only available for versions 2 and 1 of the BEFSR41. You can download firmware version 1.45.11 (released June 4, 2004) directly from Linksys.

The latest firmware version for the BEFSR41 v.3 is 1.05.00 and was released April 1st, 2004. Apparently version 3 (the post-Cisco-takeover version) is unaffected.

Teddy · Post by **Teddy** » Thu Jul 01, 2004 7:52 pm

I have version 2(befsr41) and this firmware broke my router.... the router dont refresh the modem imformation when it runs out...causing the internet conenction to stop every hour. It's a know issue that people are having... but linksys dont know when they will fix it>:( if ever>:(>:( The last 3 firmwares havnt worked with my router, and all the people who had the same issues i did with the last releases will find this one wont work for them eather... i dont believe this isnt a problem with all v2 boxes... so im not sure what it up with it...

since i cant go back to 1.44.2 i went out and bought a d-link router, nice to see a router that works out of the box(so far:P) at least upnp actually works for once and i can do file transfers though messenger programs.

DCrazy · Post by **DCrazy** » Thu Jul 01, 2004 9:58 pm

I never had problems with either UPnP or new firmware on my version 2.

That said I like the version 3 MUCH better.

Warlock · Post by **Warlock** » Thu Jul 01, 2004 11:47 pm

i wish i could find a BEFSR11

BAAL · Post by **BAAL** » Fri Jul 02, 2004 4:25 am

Warlock, I have one I no longer use....email me if your interested...

Warlock · Post by **Warlock** » Fri Jul 02, 2004 9:03 am

i got a 4 port one in its place now thanx aney ways

i just wish i didnt give mine away cause to me the 1 ports run better than the 4+ ones

DCrazy · Post by **DCrazy** » Fri Jul 02, 2004 9:16 am

How so? I'm aware of RAM issues (if you daisy-chain more than 4 computers to the router it usually crashes because it runs out of RAM).

kurupt · Post by **kurupt** » Fri Jul 02, 2004 1:38 pm

ive got a 41 ver 2 and it worked. thanks!

KompresZor · Post by **KompresZor** » Fri Jul 02, 2004 3:03 pm

I have a 41 ver2 also...
Teddy did you use the updater built into the router or d/l the update utility form linksys?
I used the utility and it worked flawlessly

KompresZor · Post by **KompresZor** » Fri Jul 02, 2004 3:10 pm

Warlock wrote:i wish i could find a BEFSR11

new egg has them

Teddy · Post by **Teddy** » Fri Jul 02, 2004 6:03 pm

I downloaded the update utility each time i tried a new firmware. And it's not just me who has the problem... when chatting with thier live tech support(which was very easy to use) they would ususally say something like "ya, the past six users before you had the exact same problem". it seems there is a batch of routers out there that are version 2 but have some subtle changes???? I'm not compeletly sure all i know is that the last 3 firmwares have been unusable, and they took down the one that worked(they were saving one of the old ones on thier site as it was known that a batch of us were having trouble with the newer firmwares.)

as far as upnp being broken...it was, read the firmware log where they list what was fixed. It's on the page where you get the updates... its listed there as fixed in several updates(the latest firmware supposedly fixes it with sp2) and even tho they clamed to fix it, it never worked properly. when doing file transfers through msn messenger, i could do only 3 transfers before i had to log onto the router and clean out the upnp forwarding section.

kurupt · Post by **kurupt** » Fri Jul 02, 2004 6:07 pm

yeah, i had a ver2 before this one that crapped out on me. when it worked though it would not take any firmware updates. every time i tried one i had to revert back to the old one to get any kind of functionality out of it

AceCombat · Post by **AceCombat** » Fri Jul 02, 2004 7:01 pm

DCrazy wrote:How so? I'm aware of RAM issues (if you daisy-chain more than 4 computers to the router it usually crashes because it runs out of RAM).

routers have RAM in them?!?!?!?!

Arch · Post by **Arch** » Fri Jul 02, 2004 8:01 pm

AceCombat wrote:
DCrazy wrote:How so? I'm aware of RAM issues (if you daisy-chain more than 4 computers to the router it usually crashes because it runs out of RAM).

routers have RAM in them?!?!?!?!

Good god I hope you aren't serious.

Just to put in my own 2 cents, I have a version 1 BEFSR41 that I got 5 years ago. I've NEVER had any problems updating or had any issues with the router firmware. Everything has been perfect. The BEFSR41 is a fantastic piece of hardware. If you are having trouble updating try doing a hardware reset (hold down the reset button) to restore all the factory defaults.

ccb056 · Post by **ccb056** » Fri Jul 02, 2004 9:22 pm

AceCombat wrote: routers have RAM in them?!?!?!?!

as do hard drives, video cards, sound cards, etc

BUBBALOU · Post by **BUBBALOU** » Sat Jul 03, 2004 4:35 am

OMG what's next?

AceCombat wrote:computers have RAM in them?!?!?!?!

He needs some serious help since his A+training is not working.... wait didn't he say he was Certified!

ccb056 · Post by **ccb056** » Sat Jul 03, 2004 7:35 am

Hell, I'm not even certified and I'm a tech over at a mom and pop's chop shop

Arch · Post by **Arch** » Sat Jul 03, 2004 10:00 pm

Uh oh, firmware updates are too complicated for Jim

WarAdvocat · Post by **WarAdvocat** » Sun Jul 04, 2004 8:48 am

well if anyone is having probs with the new firmware,I have 2 older versions that you can revert to if needed.

kurupt · Post by **kurupt** » Sun Jul 04, 2004 11:55 am

mine kinda of bugged out a few times throughout the day after the upgrade, but i reset the router and all is well now.

i used the stick from a dum-dum pop to do it. yay!

Canuck · Post by **Canuck** » Sun Jul 04, 2004 11:39 pm

The Befsr41 Ver. 3 is what I've been selling, and ya noticed and applied the update.

I upgraded a Ver. 2 and had no probs.

Resets are your friend at times.

JMEaT · Post by **JMEaT** » Mon Jul 05, 2004 1:41 am

I was going to patch, but not after hearing all these horror stories.

Teddy · Post by **Teddy** » Mon Jul 05, 2004 8:30 am

ahhh, xciter got the same bug as me...for the most part it seems to work ok exzcept the dhcp not renewing automatically. For me, when i renew it manually, i get 1 hour, if i click it a second time, it will then give me 24hours....

Jmeat, go ahead and patch as long as you have a working firmware backed up!! Supposedly linksys tech support is emailing me the old version that worked ok.... But that was a week ago, probably will have to get on the chat line and bug them to send it on over again.

WarAdvocat, what older versions do ya have? i'm selling this thing off since it isn't really getting updates anymore and is ususally broken with the new ones anyway.... the bad thing is i cant sell it in it's current state!!

kurupt · Post by **kurupt** » Mon Jul 05, 2004 2:31 pm

for people needing old firmware, try these:

1.44.2z
http://www.opendrivers.com/mydownload/1 ... SRU31.html

1.45.7
ftp://ftp.linksys.com/pub/befsr41/befsr_fw_1457.zip

WarAdvocat · Post by **WarAdvocat** » Tue Jul 06, 2004 6:40 am

I have 2 different versions of the 144x update

1442 and 144z.

Arch · Post by **Arch** » Tue Jul 06, 2004 9:33 am

Newest version works fine on my rev. 1 4 port router. Must be user error

AceCombat · Post by **AceCombat** » Tue Jul 06, 2004 10:38 am

BUBBALOU wrote:OMG what's next?

AceCombat wrote:computers have RAM in them?!?!?!?!

very funny smarta$$. i said ROUTERS

ccb056 wrote:
AceCombat wrote: routers have RAM in them?!?!?!?!
as do hard drives, video cards, sound cards, etc

i know those devices have RAM for Buffer reasons...i never knew Routers had RAM in them though

MD-2389 · Post by **MD-2389** » Tue Jul 06, 2004 12:40 pm

AceCombat wrote:routers have RAM in them?!?!?!?!

Think about it Ace...they're really small computers. They have their own OS, so yeah...its gotta have RAM.

AceCombat · Post by **AceCombat** » Tue Jul 06, 2004 12:52 pm

hey, i learn new stuff everyday. this happens to be something i didnt know.

Warlock · Post by **Warlock** » Tue Jul 06, 2004 2:24 pm

yeah

the high $ ones have hdd and every thang. Heck its like the big time plotters i got to see one with its owen OS witch was prity amazing, they wouldent let me play with it though

i went ahead and got me a 11 and took the 41 back to the office its just i allready have a switch and y would i need to have a 4 port router when i have a 8 port switch sitting on top of it.

the reasion i hate the 41 is i have frends that use it and it gives them all kinda of probs when it comes to sharing files over the network.

Teddy · Post by **Teddy** » Tue Jul 06, 2004 3:14 pm

Thx kurupt, that 1.44.2z firmware was just what i needed!!! hopefully linksys will get it right in the next release(and hopefully it wont take a year to release it...)

kurupt · Post by **kurupt** » Tue Jul 06, 2004 9:12 pm

no problemo

Testiculese · Post by **Testiculese** » Wed Jul 07, 2004 7:19 pm

* Testiculese sets mode -MastersDegree AceCombat

My v2 router wouldn't take the update, but still works fine. I noticed my firmware version is 2.44.2

KompresZor · Post by **KompresZor** » Wed Jul 07, 2004 8:45 pm

They put up a new firmware ver. 1.46 that's supposed to fix the DHCP renewal.

Warlock · Post by **Warlock** » Thu Jul 08, 2004 7:55 am

DHCP for witch side? Lan or Wan

KompresZor · Post by **KompresZor** » Thu Jul 08, 2004 9:03 am

It doesn't say link to version information
I would have to assume that it is designed to fix the trouble that a lot of people have been having with the 1.45.11 update.

kurupt · Post by **kurupt** » Sat Jul 24, 2004 8:19 pm

KompresZor wrote:They put up a new firmware ver. 1.46 that's supposed to fix the DHCP renewal.

july 7th