Release Asuswrt-Merlin 3006.102.4 is now available

[dave14305]

Appears to be a missing CSS

Edit

Should of said a missing picture referenced by the css

View attachment 66131

Looks like it’s a problem unique to 10Gb ports and missing images.

 

[jamesnmandy]

Does anyone know if this update addresses the CVE-2023-39780 SSH exploit? I figure it does, usually Merlins stuff is ahead of the game. Just wanted to ask specifically since I did not see it addressed in the changelog.

 

[ExtremeFiretop]

Does anyone know if this update addresses the CVE-2023-39780 SSH exploit? I figure it does, usually Merlins stuff is ahead of the game. Just wanted to ask specifically since I did not see it addressed in the changelog.

Old CVE from 2023. Discussion about it here: https://www.snbforums.com/threads/g...gn-affecting-thousands-of-asus-routers.94809/

This article is about the malware itself, not about a new security issue. That malware is getting installed through brute forcing of the login, or through old security issues (one of them going back to 2023 - long fixed).

 

[jamesnmandy]

Old CVE from 2023. Discussion about it here: https://www.snbforums.com/threads/g...gn-affecting-thousands-of-asus-routers.94809/

I assumed as much, like I said every time I ask which is infrequent, Merlins firmware is well ahead. Thanks for taking the time to link as well.

 

[ExtremeFiretop]

I assumed as much, like I said every time I ask which is infrequent, your firmware is well ahead. Thanks for taking the time to link as well.

@RMerlin 's firmware is well ahead. I take zero credit except for finding the link

 

[jamesnmandy]

@RMerlin 's firmware is well ahead. I take zero credit except for finding the link

Ninja edited

 

[small_law]

The Google DNS may be hard coded into the FireTV. If so you may need to block the Google DNS using the LAN > Router page in the GUI. Example (the Gateway IP address is the router's address):
View attachment 66089

I'm sorry, it's a newbie question, why set your metric to two? Wouldn't leaving it blank or setting it to zero zero be more preferable?

 

[bpsmicro]

In case it's of interest, I picked up a shiny new RT-BE92U on Wednesday, immediately put this Merlin release on it and painstakingly set up all my personalization. The only "custom" scripts was a firewall-start that is admittedly a bit on the large side. None of the extra bits were turned on (except I played with SNMP for a while; and gave up).

I experienced multiple crashes over the two days. Sometimes it'd presumably try to restart and simply not, so I'd see the power light on and nothing else (no networking running at all). A power-cycle would bring it back ... for a while.

Tried a factory reset with Merlin and re-entered the minimalist personalization, and still it crashed.

Finally, I factory reset again and put on the latest stock Asus firmware. No crashes so far (6+ hours). I was considering I got bad hardware, but it's looking like not.

I am aware that the "stock" firmware is a later GPL than Merlin. I do have some logs from overnight last night, which has an awful lot of weird stuff in it.

Current plan is to stay "stock" <yech> for now, and when the next Merlin comes out, presumably based on the newer GPL, try again.

In the meantime, if there's any desire to look at what I have for logs in case there's a clue, I'll keep them handy.

Brad.

 

[bennor]

In case it's of interest, I picked up a shiny new RT-BE92U on Wednesday, immediately put this Merlin release on it and painstakingly set up all my personalization.

Did you follow the Asus-Merlin 3006 change log directions to enable the downgrade capabilities when flashing on top of Asus stock firmware 3006.102_37000 or greater?

- NOTE: If flashing on top of Asus stock firmware 3006.102_37000
or greater, then you first need to enable downgrade
capabilities before flashing Asuswrt-Merlin on top
of it. Connect Over SSH, and run the following command:

nvram set DOWNGRADE_CHECK_PASS=1

After that, you can upload Asuswrt-Merlin through
the webui like any regular firmware upgrade.

This is only required when flashing Asuswrt-Merlin
for the first time.

You indicated doing a factory reset, did you try doing a hard factory reset? A hard factory reset is slightly different than a factory reset.
[Wireless Router] When Standard Reset Isn’t Working: Hard Factory Reset - Models list
[Wireless Router] ASUS router Hard Factory Reset - Method 2

1. Turn the router off.
2. Press and hold the WPS button and turn the router on.
3. Power light is on (keep holding the WPS button).
4. Release the WPS button after the power light is off.
5. Reboot your router by manually pressing the power button.

 

[bennor]

I'm sorry, it's a newbie question, why set your metric to two? Wouldn't leaving it blank or setting it to zero zero be more preferable?

In general terms this is how AI explains it:
"The metric in a static route list on an ASUS router indicates the priority of the route; a lower metric value means a higher priority. This helps the router decide which route to use when multiple routes to the same destination exist."

 

[bpsmicro]

Did you follow the Asus-Merlin 3006 change log directions to enable the downgrade capabilities when flashing on top of Asus stock firmware 3006.102_37000 or greater?

Yup. I basically hooked it up to my ChromeOS laptop out of the box to do enough preliminary setup to enable SSH, do the nvram thing, then upload Merlin.

You indicated doing a factory reset, did you try doing a hard factory reset? A hard factory reset is slightly different than a factory reset.
[Wireless Router] When Standard Reset Isn’t Working: Hard Factory Reset - Models list
[Wireless Router] ASUS router Hard Factory Reset - Method 2

Method 2. Well and truly nuked.

 

[bennor]

Yup. I basically hooked it up to my ChromeOS laptop out of the box to do enough preliminary setup to enable SSH, do the nvram thing, then upload Merlin.

Method 2. Well and truly nuked.

You indicated you "... painstakingly set up all my personalization" and were using a firewall-start script that is "admittedly a bit on the large side." As a troubleshooting step if you want to try Asus-Merlin again is to manually configure the router with very the absolute minimum number of non default settings then test the router. Do not use a firewall-start script file until you can verify the router working as expected with the basic limited settings.

Also its entirely possible if one used certain values or settings on an earlier Asus router that runs a different firmware track; those settings may, in likely very rare cases, possibly cause configuration issues with the 3006.102.x firmware. Best to try and use default settings where possible initially to verify the new router is working properly.