Port 9999 isn't completely disabled by the security fix, I merely disabled the specific function in infosvr that allows executing any arbitrary command over port 9999. That port is still used by infosvr for other things. I suspect it might be used by Asus's printer sharing utility for instance.
Question- Let's say you patched this 'too late' - Would doing a hard reset of the router by holding the reset button of the router actually remove any backdoors/exploits? Or is it the case that if someone gets root that backdoor will be persistent forever and your only hope is to get a new router? My understanding is that the factory reset only resets the configuration options and does not physically reimage the OS.
Or does simply upgrading to the latest patch remove any backdoors?
True but you seem to be talking about intentional firmware corruption where the builder writes back doors with access into their code. I suppose that will always be a risk not only with stock firmware but any firmware. And yes, settings in most cases remain intact, but it's still always a good idea to clear nvram with a factory reset after a firmware upgrade.
The only way to be 100% sure would be to reflash the bootloader, reflash the firmware, and do a factory default reset. Now, the likelihood of any exploit having overwritten the bootloader with exploit code is very, very unlikely. It would require advanced technical know-how, and require so much effort that someone might have done it if you were a bank and there were millions of dollars at stake. But for access to your personal stash of photos? I'd say just reflash the firmware, followed by a factory default reset if you don't feel safe, and reformat any plugged USB disk. After that, change any password that was stored in your router: PPPoE, DDNS, router access, etc...
Try rebooting the router first and waiting a few minutes before you try logging in again.
Also, make sure you've cleared your browser cache and possibly reboot the computer you're trying to connect from too.
But if you do have to start fresh, hold down the WPS button while booting up and that will reset the router to factory defaults. I don't see a need to put stock firmware on first, simply install the latest RMerlin firmware if needed and set up the router with a different login name and password than you had previously.
I believe that I have been hacked. There's really only one user using this router, and she reported to me yesterday that she was being asked by the ISP for a login. While the screen was a pretty nice forgery of the ISP's style, the ISP never asks for a login. I clicked on "forgot password" and the information was obviously a phishing expedition. Add to this that the URL wasn't SSL. Users not going through the ASUS RT-AC66W were not having any issues. I had her switch to an access point and the problem went away. The strange thing is that I'm running a much newer version of RMerlin (378.54_2) than the one he says is fixed.
Oops. Thanks. It didn't sink in that January 2015 wasn't this year (still living in the past, I guess). I'm running the firmware that was available when I set up the thing back in September. I will install the latest version as soon as I have the time. Until then, it's powered off.
Sorry to crash in on this hijacking, but now it seems that port 9999 has a real purpose - if this port is blocked by a firewall rule, real-time statistics (real-time traffic and system monitor) will not work in the Asus router mobile app. I am not sure if the mobile app was even available when this thread was started...