
Disabling NAT-PMP on GT-AX11000


Doug Nix

Occasional Visitor
I use Fing to monitor my network. Recently, I ran a router vulnerability scan and got a message that my router allows unchecked NAT-PMP port forwarding. I went hunting for guidance and found this:

[Wireless] How to disable NAT-PMP from ASUS Router?


I followed the procedure in the FAQ and found that all of the settings on my router were as shown in the ASUS FAQ. The router still fails the Fing scan. Any thoughts on how to correct this problem?
 
If you have the "Open NAT" tab, check that "Enable Port Forwarding" is turned off there as well.
 
Hey, Colin,

I do have OpenNAT, but port forwarding was disabled. I'm also using symmetrical NAT, not full-cone.
 
Thanks, @ColinTaylor. I'd searched the Fing fora, but somehow I missed that post. I've added my voice to the thread. If I hear of a fix from Fing, I'll post the details in this thread.
 
Here’s the workaround. It’s not clear to me whether or not there is a real NAT-PMP vulnerability here.

It seems to be related to the Aura RGB feature on the router. Aura RGB lets you run colours and patterns on the router's RGB LEDs. Fun, but not anything more than window dressing. From the web UI, disable the Aura RGB function.

Start by logging in to the router using SSH or telnet. At the command line enter:

Code:
nvram get aurasync_enable

If the result is = 1, then the Aura function is still enabled. To fix that, enter:

Code:
nvram set aurasync_enable=0
nvram commit

The commit command will make sure that the change persists after a reboot. You can check that the parameter is correctly set by running the first command again. It should come back = 0.

Reboot the router.

Once the router is back up, open Fing and run the router vulnerability test in Fing's Security tab. It should come back without any errors now.
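
An added example, not part of the original thread or any poster's code: a way to check from a LAN host, independently of Fing, whether the router still answers NAT-PMP after the change. It sends only the read-only external-address request defined in RFC 6886; the gateway address 192.168.1.1 is an assumption and the sample reply bytes are constructed.

```python
import socket
import struct
import sys

NATPMP_PORT = 5351  # UDP port assigned to NAT-PMP (RFC 6886)
RESULT_CODES = {0: "success", 1: "unsupported version", 2: "not authorized/refused",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}
# Constructed sample reply: version 0, opcode 128, result 0, epoch 3600, 203.0.113.5
SAMPLE_REPLY = bytes.fromhex("0080000000000e10cb007105")


def build_address_request() -> bytes:
    """Version 0, opcode 0: ask the gateway for its external IPv4 address."""
    return struct.pack("!BB", 0, 0)


def parse_address_response(data: bytes) -> dict:
    """Decode a reply to the opcode 0 request; raise ValueError if malformed."""
    if len(data) < 8:
        raise ValueError("short NAT-PMP response")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:
        raise ValueError(f"unexpected version/opcode {version}/{opcode}")
    info = {"result": RESULT_CODES.get(result, f"unknown ({result})"),
            "epoch": epoch, "external_ip": None}
    if result == 0:
        if len(data) < 12:
            raise ValueError("success reply without an address")
        info["external_ip"] = socket.inet_ntoa(data[8:12])
    return info


def probe(gateway: str, timeout: float = 2.0):
    """Return the parsed reply if the gateway answers NAT-PMP, else None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_address_request(), (gateway, NATPMP_PORT))
            data, _ = s.recvfrom(64)
        except OSError:  # timeout, ICMP unreachable, or no route
            return None
    return parse_address_response(data)


if __name__ == "__main__":
    print("sample:", parse_address_response(SAMPLE_REPLY))
    gw = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed LAN gateway
    print(gw, "->", probe(gw) or "no NAT-PMP reply")
```

A parsed reply means a NAT-PMP service is listening on the LAN side; `None` means nothing answered on UDP 5351 within the timeout.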
 
I’ve finally been able to report this as a potential security vulnerability to ASUS via their vulnerability reporting site. We'll see if they respond. If I hear anything from them I will update this thread with details.
 
On May 16, 2022 I received an email from ASUS Security that included a link to download a beta firmware version that corrects the problem with the apparent NAT-PMP vulnerability. I've installed and tested the firmware, and it appears to do the trick. Here's the link: https://www.asuswebstorage.com/navigate/a/#/s/E01336E2A1D645678E142FFC3F5A160FY

Not sure if/when these changes will be included in the production version of the firmware.
 
