
intechtel

New Around Here
Hello!
Starting late last night we started seeing people with Asus routers, the AC87 in particular, having issues connecting to the Internet almost as if it was a DNS issue, but not. Seems to be affecting this model regardless of the ISP the user has, the DNS used, and even on routers running Merlin firmware VS OEM.

You can't access the GUI from the standard 8080 port, but can access via the secure port. After getting in, the routers are very slow to respond, and kick you out when attempting to make changes. Also, the router puts you into the setup wizard when you do get in. Skipping this brings you to the main page with no settings changed or missing from before.

Is anyone else seeing this? As of this writing, I have six folks with this issue.
 

ColinTaylor

Part of the Furniture
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware that isn't the most recent.
 

RMerlin

Asuswrt-Merlin dev
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware that isn't the most recent.

And even the latest can potentially be hacked. I was notified of yet another vulnerability this week that isn't patched yet (I had the info forwarded upstream to Asus). I don't know if it's exploitable, but it can definitely be used to crash the web server.
 

intechtel

New Around Here
It appears that all eight of the folks that have the AC87s that we manage are affected. Have received a few calls from others about this as well, and they all seem to have the AC87. Perhaps some sort of ASIC exploit?

I went and factory reset one of them, it worked for a bit, and then crashed. Was going to try and flash the latest Merlin release to it, but after initial setup, the web interface was inaccessible.
 

OzarkEdge

Part of the Furniture
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware that isn't the most recent.

This is likely off topic but... Google Search gave me a link the other day that put me into the GUI of what appeared to be an open/unconfigured RT-AC5300. That sort of freaked me out... I exited quickly! :eek:

OE
 

The H-Man Cometh

Occasional Visitor
Hello!
Starting late last night we started seeing people with Asus routers, the AC87 in particular, having issues connecting to the Internet almost as if it was a DNS issue, but not. Seems to be affecting this model regardless of the ISP the user has, the DNS used, and even on routers running Merlin firmware VS OEM.

You can't access the GUI from the standard 8080 port, but can access via the secure port. After getting in, the routers are very slow to respond, and kick you out when attempting to make changes. Also, the router puts you into the setup wizard when you do get in. Skipping this brings you to the main page with no settings changed or missing from before.

Is anyone else seeing this? As of this writing, I have six folks with this issue.

Been seeing this issue for more than a month across different models and different firmware versions. Reported the issue here:
https://www.snbforums.com/threads/n...ed-by-quick-internet-setup.44719/#post-383293
but never got any traction. I initially thought it was triggered by power disruption, but saw it again last night across multiple routers. I do think Comcast had issues in our area last night, so the issue may also be triggered by temporary loss of WAN connectivity?

Reported directly to Asus tech support a few weeks back... sent them logs and router config backup from one of the affected devices running stock firmware. Their only suggestion was to update firmware to 384. I have not (yet) seen the issue on any device that's been updated to 384.3 or later (have not tested 384 Asus stock firmware), but based on last night's issues, would have expected a 384-configured device to have experienced the issue if it was still affected. Would certainly be nice to understand what's happening... doesn't seem like a problem that should require an update to 384 firmware to resolve, but not sure what setting(s) to try changing at this point.
 

OzarkEdge

Part of the Furniture

ColinTaylor

Part of the Furniture
That looks like it except it was a much different URL (had west4 or 4west in it) which I cleared recently.
I think I've found it here. It's hosted in Amazon's us-west-2 region. I think both URLs are pointing to the same site actually.
 

OzarkEdge

Part of the Furniture
I think I've found it here. It's hosted in Amazon's us-west-2 region. I think both URLs are pointing to the same site actually.

Yeah, that could be it... it was of AWS.

OE
 

Johan Hansen

New Around Here
I experience the same issues as the original poster. RT-AC66U running at my office and RT-AC87U at home both went down today. Both of them running Merlin 380.68. I've got a third at my country house which I suddenly can't access the GUI of. However, I can access units behind the router from the outside. All my routers have WAN access on port 8443. Once I added a password in the wizard everything restored to normal operation, including all settings. Took extra care in checking the URL to prevent phishing.

Any ideas on what's going on?
 

RMerlin

Asuswrt-Merlin dev
All my routers have WAN access on port 8443.

Not only is the httpd server known not to be secure, but you're also running an old version which contains a number of well-known security issues.
 

RMerlin

Asuswrt-Merlin dev
380.68_2:

Code:
  - FIXED: CVE-2017-12754 security issue.

380.69_2:

Code:
- FIXED: CVE-2018-5999 in httpd (backport from 384_10007)
- FIXED: CVE-2018-5721 in httpd (Merlin & theMIROn)
 

OzarkEdge

Part of the Furniture
Again, this might be off topic but...

So, I upgraded my 2x68U AiMesh to a 2x86U AiMesh today. Then launched ASUS Router app on Android at the node... it was looking for the previous 68U AiMesh and I couldn't find a way to reset the app to the new network. So, I uninstalled and re-installed the app. It asked for router credentials and then proceeded to find my new AiMesh.

I immediately noticed an ASUS DDNS and WAN remote access were automatically configured by the app... it did not do this before! So I went to the router GUI and disabled the DDNS client and WAN remote access. I must have fudged the WAN remote access HTTP/HTTPS/port settings because the next thing I know I'm at the GUI login and can't login.

To save time!, I reset and re-configured and un-installed the damn app... it and the touch interface are too dangerous, imo. Why in the heck is it automatically setting up DDNS and remote access to the router...

OE
 

Sinner

Senior Member
Again, this might be off topic but...

So, I upgraded my 2x68U AiMesh to a 2x86U AiMesh today. Then launched ASUS Router app on Android at the node... it was looking for the previous 68U AiMesh and I couldn't find a way to reset the app to the new network. So, I uninstalled and re-installed the app. It asked for router credentials and then proceeded to find my new AiMesh.

I immediately noticed an ASUS DDNS and WAN remote access were automatically configured by the app... it did not do this before! So I went to the router GUI and disabled the DDNS client and WAN remote access. I must have fudged the WAN remote access HTTP/HTTPS/port settings because the next thing I know I'm at the GUI login and can't login.

To save time!, I reset and re-configured and un-installed the damn app... it and the touch interface are too dangerous, imo. Why in the heck is it automatically setting up DDNS and remote access to the router...

OE

The ASUS app itself enables the remote access and https+http upon setting up a new connection to the router with it every time. To confirm, you can uninstall/reinstall the app and connect again. It will be back.
 

Netbug

Regular Contributor
All my routers have WAN access on port 8443.
Any ideas on what's going on?

Why not disable it and set up a VPN server on your router? So much more secure. Not criticising, just a suggestion, you probably have your reasons.

I couldn't sleep at night if I had WAN access enabled :eek: lol
 

OzarkEdge

Part of the Furniture
The ASUS app itself enables the remote access and https+http upon setting up a new connection to the router with it every time. To confirm, you can uninstall/reinstall the app and connect again. It will be back.

Yep, I discovered that with the current app and 2x86U AiMesh. But, this did not happen with the previous 2x68U AiMesh... I'm absolutely sure of this because I've been reviewing AiMesh security regularly during this trial.

ASUS: No app should be automatically and secretly enabling remote access to a private network. Absolutely unacceptable.

OE
 

intechtel

New Around Here
This is the response that I received from the ASUS security team:

Hi,

Please reboot the RT-AC87U, disable access from the WAN, download the general log and send it back to us for analysis.

We also need the following information: (1) firmware version (2) AiProtection enabled or disabled

After downloading the log, please reset your RT-AC87U and change the login password.
 

Sinner

Senior Member
Yep, I discovered that with the current app and 2x86U AiMesh. But, this did not happen with the previous 2x68U AiMesh... I'm absolutely sure of this because I've been reviewing AiMesh security regularly during this trial.

ASUS: No app should be automatically and secretly enabling remote access to a private network. Absolutely unacceptable.

OE

Agreed but alas they have just corrected that very thing today and updated the app yay!
 
