What's new

Was my router's username and password hacked?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

if you care about your routers safety PLEASE DO NOT open WAN port for the remote access (...)
Wise words.
And it applies to the all ASUS/Merlin/other forks, not only for the ASUS routers (for example customized R7000). They are all hackable.
I'm sure that applies to every consumer grade router out there and not just a particular firmware version or make or model.
 
even the newest Merlin fw is exposed to the exploit, also the stock firmware.
Do you have any supporting evidence to back up that claim? The specific exploit that is the subject of this thread appears to have been fixed by the patch at the beginning of last year (that's not to say there isn't others).
 
even the newest Merlin fw is exposed to the exploit, also the stock firmware
Just curious, are you referring to specific vulnerability or just giving common idea?
 
One thing I've noticed with the ASUS router app is that when you first run it and detects your router - after you login, it enables remote access to the router itself. Also, turning that option off in the app DOES NOT turn it off on your router, you have to go in to the GUI and manually disable it again, after you disable it in the app.

*** and yes, this happens on the latest stock firmware from ASUS! Once the app starts controlling the router, it automatically enables access, and as above, you have to turn it off manually on the app and the router itself.
 
One thing I've noticed with the ASUS router app is that when you first run it and detects your router - after you login, it enables remote access to the router itself. Also, turning that option off in the app DOES NOT turn it off on your router, you have to go in to the GUI and manually disable it again, after you disable it in the app.

*** and yes, this happens on the latest stock firmware from ASUS! Once the app starts controlling the router, it automatically enables access, and as above, you have to turn it off manually on the app and the router itself.

I have not found this to be true.

You have to enable Remote connection in the app as it will prompt you it doesn't do it automatically.

If you do enable it then yes you are going to be opening up yourself to attacks.
 
30minutes ago...AC56U with 389.6 firmware.

SSH was NOT accessible on WAN
HTTPS web interface WAS accessible from WAN but on 8443 port.

short timeline:
@ 8.00am tried the android Asus router app. i've entered the credentials but i was unable to logon. I was about the left for work so i didnt spend time on this.
@ 14:00 i've connected on SSH using OVPN in order to install an update of FreshJR QOS. Everything was fine.
@14:15 i've applied a static IP on my PS4 using device list. For some reason, doing this is resetting a lot of services and the router is re-sconnecting from the internet.
@14.20 dynamic IP was update, router was back online, connected to OVPN and tried to SSH. Access Denied! Web login, Access Denied!

i dont have physical access to the router right now to power-cycle the router, but i've done this many times without any issue. the ONLY difference is that today i've installed the android ASUS ROUTER APP.

so PWNED of SSH glitch?

ulGjlwA.jpg
 
HTTPS web interface WAS accessible from WAN but on 8443 port
If you were hacked it was likely this that caused it. WAN access to webui is STRONGLY advised against, as per @RMerlin
 
Using "admin" as user id and an exposed webui to WAN is another bad idea. You should use something else as login.
 
30minutes ago...AC56U with 389.6 firmware.

SSH was NOT accessible on WAN
HTTPS web interface WAS accessible from WAN but on 8443 port.

short timeline:
@ 8.00am tried the android Asus router app. i've entered the credentials but i was unable to logon. I was about the left for work so i didnt spend time on this.
@ 14:00 i've connected on SSH using OVPN in order to install an update of FreshJR QOS. Everything was fine.
@14:15 i've applied a static IP on my PS4 using device list. For some reason, doing this is resetting a lot of services and the router is re-sconnecting from the internet.
@14.20 dynamic IP was update, router was back online, connected to OVPN and tried to SSH. Access Denied! Web login, Access Denied!

i dont have physical access to the router right now to power-cycle the router, but i've done this many times without any issue. the ONLY difference is that today i've installed the android ASUS ROUTER APP.

so PWNED of SSH glitch?

ulGjlwA.jpg

If you have access through OpenVPN, why use the Android app? I’m sure it looks snazzy, but can you be totally sure of its security? I wouldn’t even use the Asus router app on an Apple device.
 
My money would be on glitch. I wouldn't have immediately jumped on the forums but waited until I could get home to access it locally to do some diagnosis.

i'll see in a few hours. i'm very curious!

ps.jumped on the forums just to post my experience and post an alert that a potential attack is currently in progress.
 
In Merlin’s own words:

“Personally however, I do not recommend opening even HTTPS to the WAN. Asuswrt's web server is poorly secured, and has had numerous security issues over the years. Best to limit it to LAN only, and use a VPN to remotely access it.”

https://www.snbforums.com/threads/e...wan-but-keep-http-from-lan.42521/#post-361843

This guy is probably right :) Although i've changed the HTTPS to a non-common port, giving my less chances to be hacked. But in any case, i totally agree.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top