
I noticed that the majority of the ESR & EPG Firewalls on our network are locking up due to botnet activity. I ran across the link above and it looks like this activity has been going on for a few months. Are there any workarounds to stop/prevent this activity? And is there any headway on a new patch being released?

Thanks,
Curt


It just started hitting our network hard this past week. We have roughly 50 routers out on our network and had to block access to all to stop the exploit. We average 25 - 30k packets a second and the peak we saw during the attack was 300k plus. On only 50 devices. Completely killed one of our internet access links. Customer Noservice sent me a canned statement when I informed them and the 2nd email said they would forward it to their engineers. The last patch for the ESR devices we use was last year, 5/16. This is my first post on these forums, but do any EnGenius people ever respond on here?


I have also been given the generic "We're passively looking into it" response, with no reassurance that I will even be contacted if the issue is ever resolved. On top of that, when I call in I wait on hold for some time and usually talk to the same overworked, non-informed tech that answered my last call the day before. According to the sources on the net, this exploit was brought to their attention almost 4 months ago. I'm currently looking into some sort of workaround to mitigate the issue. But so far, aside from swapping the router out with a Netgear or, worse, a TP-Link router, I have not found a workaround.


I've noticed this problem on my home router as well. I'm probably going to install OpenWRT on my ESR900 and see how that goes. But OpenWRT firmware isn't compatible with all of these affected firewalls. So I lucked out if I decide to go this route.

Latency caused by my router has dropped me out of online games three times now. Various games and multiple platforms. There are quite a few hits about this issue on the net. But EnGenius has yet to live up to their name and release a patch for it.

As far as a workaround settings-wise, the only thing I have found is that rebooting the firewall restores service briefly and changing the firewall password seems to help for a bit. I even disabled remote management and this made no difference.


Looks like a firmware patch was released for the ESR600 and the EGP5000. I was never notified by support about this though, and it is currently only listed on their European site. The odd thing is I still receive output when I test the exploit. However, all of the fields are blank. I guess it's something.

https://www.engeniusnetworks.eu/downloads


Yeah, literally 2 days ago and only to a select few. We were using the ES300s for the low price and excellent range for a $30 wireless router. So far we have replaced over 40, with a few sporadic customers left that we will get to. I hate making statements like this, but I will never buy another EnGenius product after this. Not because of the exploit. These things happen. It's the response, or lack thereof, that I have issue with. Maybe there are a ton of customers blowing up their support email and they are so overloaded they can't respond. That being said though, knowing the exploit was presented to them over a month ago affecting 7 different brands of routers (and from what you said maybe as much as four months ago), this is just a pitiful response time. If you are still going to sell a product you have to at least update the firmware a few times a year. Again, I have sympathy if they are getting bombarded by emails because of this issue, but it is a company-wide problem when you see the lack of support, follow-through, and an ability to fix your mistakes once they happen. Just my 2 cents and then some, but we will box up all of the almost 2k worth of routers in the hopes they will be patched one day. More than likely though we will just use them for target practice since the disk shape would probably fly pretty well through the sky.


UPDATE: I don't know how much complaining on the forums played a role, or whether they were working on it already, but they have released a fix for us on this issue. I'm not certain if they have a release for all versions, but they have at least shown me that they support their products. Just wanted to say they did a good job after all.

On 6/28/2017 at 0:22 PM, Mike said:

Firmware fixes for the EnShare exploit for some EnGenius IoT routers are now available. Check out the following article on the EnGenius Help Center:

https://engeniustechsupport.zendesk.com/hc/en-us/articles/115009719768

Is there a way to Telnet or SSH into devices where we are unable to reach the customer or remotely manage them?

On 6/28/2017 at 0:22 PM, Mike said:

Firmware fixes for the EnShare exploit for some EnGenius IoT routers are now available. Check out the following article on the EnGenius Help Center:

https://engeniustechsupport.zendesk.com/hc/en-us/articles/115009719768

Also, we have noticed that several older firmware versions, namely ESR300 1.1.0 and 1.3.1, will not update with the auto update or manual update. Any suggestions?

Edited by AG Telco
Additional Information added.
