Announcement regarding CVE-2023-32154

is there any way to block the issue using firewall?
maybe it’s useful for someone that still cannot upgrade their router for some reason.

thx

  1. The attacker must be directly connected to the router (no remote exploit)
  2. For use the hack you must useless change the config on ipv6 settings to one unexpected config…

Paste this on router, are the defaults on all versions, if you not changed that for no reason:
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes

This is dependent on the primary setting as shown, I don't use IPv6, have both of the attribute for the flags set to no.

That screenshot is from v7, on v6 the IPv6 system package is usually disabled and must be enabled to be used, and do not have disable ipv6 on ipv6 settings.