[Announcement] Removal of AiCloud from Asuswrt-Merlin

[SomeWhereOverTheRainBow]

Yet another major security vulnerability being discovered in AiCloud, so I'm done with it. Next Asuswrt-Merlin releases will be removing AiCloud support.

Use a VPN, or switch back to stock (and deal with the constant security risks associated with it) if you need remote file access.

There is no use in using a VPN, simply leaving a port open leaves the router at risk in general. Using redirect in dns director exposes port 53 leaving that port open for amplification attacks on the wan if the rules are too permissive; in this case redirect skips the filter table making the rules completely open. The same happens with the VPN director. Firewall hardening must be at the forefront.

 

[RMerlin]

here is no use in using a VPN, simply leaving a port open leaves the router at risk in general.

VPN servers have their code audited meaning the risk of compromise caused by running a VPN server are next to nil. Meanwhile, the AiCloud code has 1-2 critical CVEs reported per year lately, the code hasn't been audited by anyone, and being part closed source means nobody can validate its security.