Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
On the wiki, it mentions that the DNS-323 uses an unpatched WU-FTPD v2.6.2, which is vulnerable to exploits. It therefore recommends that you do not open ports on your router to allow external access to the stock FTP daemon.
However, when browsing the source code it appears (to my green eyes) that FW 1.04 introduces a different FTP daemon: Pure FTPd 1.0.21.
Is this secure enough (at this time) to allow for external access? Or am I mistaken about the change in daemon? Thanks.
Offline
Bump ... does anyone know the answer here?
Offline
The secure is sftp and it is not it.
Offline
I know the difference between sFTP and FTP. What I was asking is whether the included FTP daemon in firmware version 1.04 had the same vulnerabilities -- that is to say, bugs -- as FW 1.03.
I recognize that regular FTP transmits data and receives passwords in an unencrypted manner. What I'm wondering is if the FTP daemon has been patched to prevent hackers from using buffer overflows and other tactics to allow execution of arbitray code. (Presumably this is the nature of the "exploits" reported on the wiki.)
Offline