subscribe to our Youtube


14455 questions

17168 answers


0 members

We are migrating to our new platform at Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
850 views 4 comments
by anonymous

I have a big sicurity risk issue in FW 06.05.1 found.

On a RUT 950 under Access Control "Remote SSH Access" is DISABLED. I've found several login attemps in Events section from WAN (LTE mobile), but this should be impossible. I've checked the firewall section and found "Enable_SSH_WAN_PASSTHROUGH" is still enabled while it should be disabled. Enable / disable "Remote SSH Access" in Access Control and save the settings have no effect.

After having big sicurity problems with older firmware versions (see cve-2017-8116) and being hacked by metasploit, this looks like the next big security issue...

3 Answers

0 votes
by anonymous

Hello, Ronald.Bernick,

Did a quick test, but I was unable to reproduce the issue. Public IP's are always being scanned by attackers, but this does not mean that they will be able to connect to your device and become a treat to your device security if you got a strong password, which is required by default with new FW versions.

Also after 5 failed attempts IP will be blocked if you haven't turned off this setting:

To check this further, can you provide a troubleshoot file when you got remote access disabled but still get login attempts ? You can send a troubleshoot via PM.

One more question. Have you made any firewall configurations manually ? From the 1st picture it looks like the IP is changed.

by anonymous

Has this been solved?

by anonymous


We tried to reproduce the issue numerus times with different "break in" methods - we was unable to achieve results that  was mentioning.

Without an addition info (TCPdumps or similar logs) - we cannot confirm this as "hack" attempt.

0 votes

Hi  Vilmantas1,

I will send you the troubleshoot file asap.

BR, Ronald
0 votes
by anonymous

Hi Ronald.Bernick, 

I was unable to reproduce the issue.
Can you tell me what configuration was done before you encountered this situation? 


I don't know exactly, because we are managing more than 100 RUT devices for our customers.

I can send you the backup file, you can try to restore and check if you have the same behavior.

Please let me know.

As far as I remember, the only difference compared to a standard configuration is: We use the WAN Port as a LAN Port (option is enabled)
by anonymous

Have you made any firewall configurations manually ?

From the 1st picture it looks like the IP is changed and by default these rules are turned off.