386.14_2 Hacked? 'Unrecoverable' Guest network issue

[Tech9]

If you can live with the way it looks and the larger physical size - GT-AX6000. It's basically the same hardware as RT-AX86U Pro, but with better 4-stream 2.4GHz radio and additional 2.5GbE port. Also has 3006 "Pro" firmware available for it with the same features.

 

[Natty]

Thanks. GT-AX6000 is looking like a good choice at the moment. However, I note that ASUS downloads page for that model only has 3006 Asuswrt firmware. From this post https://www.snbforums.com/threads/gt-ax6000-aimesh-clients-getting-knocked-off.93102/post-936265 it looks like I won't be able to flash Asuswrt-Merlin, at least not until that gets onto the 3006 codebase. So if I'd bought an older one that shipped with 3004, Asuswrt-Merlin upgrade is supported, but if the new one is supplied with 3006, I won't be able to enjoy the security and stability of Asuswrt-Merlin just yet. Is that correct?

 

[bennor]

it looks like I won't be able to flash Asuswrt-Merlin, at least not until that gets onto the 3006 codebase.

There is already Asus-Merlin Alpha 3006.102.4 firmware for the GT-AX6000.

[ 3006.102_4 alpha Build(s) ] available build(s)

https://www.asuswrt-merlin.net/test-builds This Alpha builds gives no support as they are in early state. Report any findings so they can be fixed in next alpha/beta release. 2025-18-03 3006.102_4_alpha2 is out. 2025-25-03 3006.102_4_alpha2 is out-g774261a90a 3006.102.x (xx-xxx-xxxx) -...

www.snbforums.com

Pre-beta test builds

 

[st3v3n]

Thank you for your thoughts @bennor. Re-flashing and restoring a previous known good config & JFFS restored normal operation. I agree that h/w failure can cause Wi-Fi issues, but I think in my case this can be ruled out because replacing the 1s and 0s fixed it.


@st3v3n different issue resulting from change to ASUS privacy policy. There are many posts on that irritating feature, and there is a browser script blocking work-around given by @Yota that I found useful: https://www.snbforums.com/threads/a...ilable-for-ac-models.91060/page-9#post-928691 The present issue affects guest network clients.


Stock 3.0.0.4.386_51733 would be my next port of call if this happens again (which I'm expecting it will eventually).

It would be great to know if 386.14_2 already has the security improvements of 3.0.0.4.386_51733 (I suspect it does not), but I think if we asked @RMerlin he would probably say (as he has said before) that the info provided by ASUS is insufficient to answer this.

In this single case, the ISP was knocked offline in the latest round of cyber attacks, and when their network failed, both killswitches in our Merlin/Asus OPVN clients worked instantly. Nothing apparently got through, however what I took to be the 'stock' Asus agreement began popping up the instant I logged into the router and on every single tab in the interface, demanding 'OK' be clicked. I couldn't track anything in the log where it came from or if ticking the OK (that I had read, not accepted, any Asus agreement, so since couldn't block it, it was just so out of the ordinary I instantly pulled the router out of service for testing.

Except for comparison tests, I haven't run stock Asus FW for years, so I replaced the Rog GT-AC2900 running Merlin v386.14.2 with it's identical twin router, running v386.12. Thus far, running Trend Micro or not running Trend Micro, there has been no reappearance of the stock Asus 'read this (then check OK) notice. The interface can't be used unless you verficy you read that notice, but for every single tab change? Supposing, since I've never found any other instance of this suddenly occuring on any other Asus model previously, running either Stock Asus or Merlin's FW, if someone with Asus decided out of the blue, to find and stream of insert a stock Asus User Notice into a perferctly running Asus router, running a recent version of Asus of Merlin FW, it would be a one-shot, click OK that the user has read it, and not continuously interfere by repeating on each and every tab the user clicks in the interface, ergo; it seemed immediately suspicious as hades, so I leaned into calling it a hack.

Am slowly testing/working forward from Merlin v386.10, to v386. 12, to v386.14, etc, each time wiping/defaulting the router and reinstalling Merlin and all paramters and FW OPVN clients from scratch. It's time-consuming to perform offline, and I never restore any saved configs to a working router, as doing so tends to introduce the same problem, bug or hack. So far, all tests are A-OK.

Asus released new stock FW in March '25 for the RT-AC86 and it's dressed up '86 brother), Rog GT-AC2900, so will make time to look at on of those releases as time permits. I know these routers are declared EOL by Asus and Merlin as of Dec 2024, but any new release may trickle down, and if so, it should help. As of today no one has yet reported any hinkiness with thes particular new Asus FW builds, and none of the repetitive Asus 'read/click OK' notices . I know that it's definitely not funny and, it's not an April fool's joke. Beware and take care out there, Cheers, S.

 

[Tech9]

Is that correct?

No, you can still flash 3004 Asuswrt-Merlin in Recovery.

Am slowly testing/working forward from Merlin v386.10, to v386. 12, to v386.14

The privacy notice came with Asuswrt-Merlin 386.14 and it's not present in stock Asuswrt.