GL-B1300 Vulnerabilties as reported by OpenVas / Greenbone

Technical Support for Routers
1

Firmware info:

Current Version - 3.027
Compile Time - 2019-09-10 17:26:51

Just scanned my routers with OpenVas / Greenbone, and it reports vulnerabilities in the SSH and SSL configuration (see attached for details):

  • Medium (CVSS: 4.3)
    NVT: SSH Weak Encryption Algorithms Supported (OID: 1.3.6.1.4.1.25623.1.0.105611

  • Medium (CVSS: 4.3)
    NVT: SSL/TLS: Report Weak Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.103440)

  • Medium (CVSS: 4.0)
    NVT: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerabili… (OID: 1.3.6.1.4.1.25623.1.0.106223)

  • Medium (CVSS: 5.0)
    NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS (OID: 1.3.6.1.4.1.25623.1.0.108031)

Is this something you can either address in an update, or alternatively provide me instructions on how to securely configure the router to eliminate them?

Thank you in advance.

P.S. whoops, spoke too soon, it’s telling me I can’t attach the details in the report:

image

2

can you send the attachment to suppor@gl-inet.com.

Be sure to attached the post link.

3

Email to support, with report attachment, sent.

4

Weak cipher is a problem for public servers. It is not that risky for local servers.

But as routers can be public and this is a risk anyway, we will upgrade firmware and remove weak ciphers.