386.14_2 Hacked? 'Unrecoverable' Guest network issue

[Natty]

RT-AC66U_B1 had been running flawlessly since update to 386.14_2 in Nov 2024. A few days ago, guests with iPhones began complaining they couldn't connect to 2.4GHz guest Wi-Fi. Sys log showed continual connect -> immediate disconnect -> connect cycling, so this was blamed on latest iOS 18.3.2 update, which has casued Wi-Fi issues for some

Today, Android phones refused to connect to 2.4GHz guest Wi-Fi, and although LG smart TV could connect to the 5GHz guest net, it "could not connect to the server" (showing graphic with a break in the link to DNS), so no TV. Power cycling everything did not fix

Router firmware was re-flashed with same version, then config and JFFS backups were restored. Result: everything is working just fine again

Conclusion: something messed up firmware or guest Wi-Fi config in a way that persisted through power-cycling, rendering all guest Wi-Fi useless.

Although RT-AC66U_B1 is no longer actively supported by AsusWRT Merlin, and was ASUS support EOL end 2024, I note that Asus issued ASUS RT-AC66U B1 Firmware version 3.0.0.4.386_51733 on 2025/03/10. Update notes mention security:

1. Fixed the UI issue in Chrome.
2. Fixed client binding issues in Mesh scenarios.
3. Enhanced input parameter handling techniques to improve data processing stability and system security.
4. Enhance system access control mechanisms.

Were these recent security and stability enhancements to ASUSWRT already included in 386.14_2, or is the March 2025 update from ASUS for RT-AC66U_B1 more secure than the last AsusWRT Merlin update for this router?

 

[Ripshod]

I think this may be relevant:

Malware damaging ASUS routers?

This malware damaging Asus routers has to be described in a sticky thread with a warning sign! Update: Asus is releasing patched firmware for multiple models. Check for firmware updates! The changelog for most firmware releases contains the following: 1. Strengthened input validation and data...

www.snbforums.com

 

[Tech9]

I think changing the default font color assuming everyone is using Dark style is wrong:

 

[Natty]

Thanks @Ripshod and @Tech9 for your thoughts.

The router does not expose any services to the WAN. AiCloud, AiMesh, AiProtection are disabled, and passwords are strong. @bennor's post in the AiCloud vulnerability thread linked from the Malware thread:
https://www.snbforums.com/threads/a...ud-vulnerability-01-02-2025.93461/post-940243
says that 386.14_2 contains fixes for AiCloud malware vulnerabilities, which I believe ASUS patched in RT-AC66U_B1 firmware 3.0.0.4.386_51720 last Nov. So, whatever chewed into the guest network must have been something else.

Re-flashing and restoring config fixed the issue, but if the original cause was a vulnerability then it is only a matter of time before it returns. The question of which RT-AC66U_B1 firmware is more secure: Asuswrt-Merlin 386.14_2 (Nov 2024) or ASUSWRT 3.0.0.4.386_51733 (March 2025) remains unknown.

 

[bennor]

Were these recent security and stability enhancements to ASUSWRT already included in 386.14_2, or is the March 2025 update from ASUS for RT-AC66U_B1 more secure than the last AsusWRT Merlin update for this router?

Why not ping @RMerlin and see if he can provide or opine on any updates (in the GPL's or closed sourced WiFi elements) that he's received from Asus. As a troubleshooting test one would load the stock Asus March 2025 firmware and see if anything improves.

Of course one should also check and review any wireless and LAN client that connects to the router to ensure they are not infected with malware or otherwise compromised. Security should be a layered approach. One should also check if anything has changed in their WiFi environment. Are there new WiFi routers in one's area (or even home/business). Is something polluting their WiFi space?

PS: And check to make sure what ever DNS servers the router (and those assigned to client devices) works and is reachable. If using Pi-Hole or similar on one's local LAN, check the setup and logs to see if it may be experiencing an issue that may be flowing upstream to the router. Or its even possible on EOL routers that its a hardware fault or failure manifesting itself.

 

[st3v3n]

We had a similar problem with the GT-AC2900/RT-AC86 series, between v386.14 and v386.14.2. After upgrading from v386.14 to 386.14.2, using the same config on two Asus/Merlin OPVN clients, the router suddenly began receiving an apparently stock 'Asus' user/privacy notice after logging in, which had to be ticked 'OK', but then it continued to reappear on each and every tab throughout the router. We Immeditatly wiped/defaulted the router and performed a complete manual rebuild, beginning with v386.10 (no problems with that build) and will continue the complete wipe/reinstall/rebuild process for each subsequent version until the problems resurface. Unknown if TrendMicro has compromised but no one can be too careful.

 

[Natty]

Or its even possible on EOL routers that its a hardware fault or failure manifesting itself.

Thank you for your thoughts @bennor. Re-flashing and restoring a previous known good config & JFFS restored normal operation. I agree that h/w failure can cause Wi-Fi issues, but I think in my case this can be ruled out because replacing the 1s and 0s fixed it.

We had a similar problem .. receiving an apparently stock 'Asus' user/privacy notice after logging in, which had to be ticked 'OK', but then it continued to reappear on each and every tab throughout the router...

@st3v3n different issue resulting from change to ASUS privacy policy. There are many posts on that irritating feature, and there is a browser script blocking work-around given by @Yota that I found useful: https://www.snbforums.com/threads/a...ilable-for-ac-models.91060/page-9#post-928691 The present issue affects guest network clients.

Why not ping @RMerlin and see if he can provide or opine on any updates (in the GPL's or closed sourced WiFi elements) that he's received from Asus. As a troubleshooting test one would load the stock Asus March 2025 firmware and see if anything improves.

Stock 3.0.0.4.386_51733 would be my next port of call if this happens again (which I'm expecting it will eventually).

It would be great to know if 386.14_2 already has the security improvements of 3.0.0.4.386_51733 (I suspect it does not), but I think if we asked @RMerlin he would probably say (as he has said before) that the info provided by ASUS is insufficient to answer this.

 

[Tech9]

different issue resulting from change to ASUS privacy policy

This Policy agreement screen doesn't come up on stock Asuswrt. Asus never released an official firmware based on what GPL 386.14 Asuswrt-Merlin was based on. See if stock Asuswrt works better for you. I support remotely one RT-AC66U B1 router on stock Asuswrt.

 

[Natty]

Thanks @Tech9. I shouldn't have assumed a reason for the EULA pop up, though I believe it was also reported on stock Asuswrt around the same time, according to @bennor : https://www.snbforums.com/threads/a...ow-available-for-ac-models.91060/#post-918616. Since Oct 2024, I've been turning a blind eye to EULA popping up multiple times by blocking it using an adblocker rule. But is this relevant to the OP issue where guest Wi-Fi became permanently messed up of its own accord?

I'll speculate that the cause was firmware or configuration info became corrupted, as restoring fixed it. Some possible causes: malicious security breach, firmware bug (unlikely as it had worked fine for months), or a high energy cosmic ray flipped a bit in Flash/NVRAM (highly unlikely).

Does what 3.0.0.4.386_51733 (March 2025) is based on differ to what 386.14_2 (Nov 2024) is based on (GPL 386_52805) with respect to security and vulnerability fixes? ASUS download page change summaries don't mention CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 so they may or may not be included. I am unable to determine the answer by experimentation. I'd be grateful to know if the two head revisions are identical with respect to vulnerabilities fixed or if one is more secure than the other?

 

[RMerlin]

Asus has chosen not to include the recent OpenSSL backports fixes that Asuswrt-Merlin contains. Just another proof that people need to stop comparing the two and expecting one to be ahead of the other when they are developed in parallel, not sequential.

 

[Tech9]

security and vulnerability fixes

Plan replacing this router. It's on End-Of-Life list on final firmware unless something critical is discovered. The hardware inside is >12 years old. New routers even lower end models provide much better user experience.

 

[Natty]

Thanks @RMerlin.

The guest neworks went bad again just now, 2 days after a full firmware / config / JFFS overwrite had previously restored it. Updating only the config from the backup file without power cycling restored it.

I conclude that 386.14_2 has been compromised as a router, though I do not know how. I could waste time and try stock Asuswrt, but the writing is on the wall. Time to find a replacement. (agreed @Tech9 )

RT-AX86U Pro was on my shortlist, but I see that is now EOL according to ASUS Singapore https://www.asus.com/uk/support/faq/1051375/ . Any recommendations to fill the gap left by RT-AC66U B1? I like Asuswrt Merlin, though I don't use aiAnything, nor do I run custom scripts. A basic reliable model that has many years of support would be preferred.

 

[Tech9]

RT-AX86U Pro was on my shortlist, but I see that is now EOL according to ASUS Singapore

No. This is a legal compliance document specific for Singapore. They requite minimum support duration, Asus confirmed they will provide the required minimum. This is not End-Of-Life list.

You can see similar document for UK with different support duration period (as per UK requirements) here:

[Networking Product] Duration of Security Update Support (only for UK) | Official Support | ASUS Global

RT-AX86U Pro was on my shortlist

Good choice. Popular around model with good support and reliability record.

 

[bennor]

RT-AX86U Pro was on my shortlist, but I see that is now EOL according to ASUS Singapore https://www.asus.com/uk/support/faq/1051375/ .

RT-AX86U Pro is NOT end of life.
Asus lists their EOL routers here: https://www.asus.com/event/network/EOL-product/
the RT-AX86U Pro is listed as a recommended replacement for certain EOL routers.

 

[Natty]

Thanks @Tech9 for the UK support list. RT-AX86U Pro supported until 31st December 2026, which is 21 months from now. I had a quick look on Amazon uk. Seems a bit pricey given short remaining life.

 

[Tech9]

Seems a bit pricey given short remaining life.

Perhaps is wasn't very clear - this document is unrelated to actual support duration. It's just a confirmation that Asus is in compliance with the UK requirements. And don't expect 10+ years of support for any new product. The business model is different now.

 

[bennor]

Thanks @Tech9 for the UK support list. RT-AX86U Pro supported until 31st December 2026, which is 21 months from now.

Like the Asus Singapore link you posted the UK one is the same. Asus is complying with individual government mandated requirements on product support. That doesn't mean they stop supporting on the date indicated. In fact note what is written. In both they state they "may" provide extended support after the stated date.

 

[Natty]

Thanks both for clarifying.

I'm assuming that models common to Asuswrt Merlin supported models list https://www.asuswrt-merlin.net/about and ASUS UK support list https://www.asus.com/support/faq/1051929/ are worthy contenders. So, what to take a punt on?

• RT-AX86U Pro £206 on Amazon, support until at least Dec 2026.
• GT-AX6000 £185 from Scan UK, support until at least Dec 2026. (Looks ridiculous, are all those antennas actually useful? flat design might be prone to running hot).
• RT-BE86U £255 from Scan UK, support until at lease Dec 2028 (~4yrs support, though I don't need Wi-Fi 7).

Can you let me know your thoughts on these, or if I should consider any other models?

 

[Tech9]

From the list above I would go with GT-AX6000. Also popular around with good support and reliability history.

 

[Natty]

ROG Rapture GT-AX6000 is £200 from Scan UK or Amazon. The £185 (Scan UK) Tuf Gaming AX6000 is a different model with 6 antennas. Both look ridiculous, though that doesn't really matter. I think the latter one is not supported by Asuswrt Merlin.

@Tech9 thanks for your advice. I would value VLAN capability and multiple guest networks. Strong 2.4GHz performance would also be useful as there are some thick walls and wire mesh in ceiling fire breaks. Out of GT-AX6000 and RT-AX86 Pro, which do you think would be best for me?