What's new

Asus Merlin guest wifi security bug

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Enrico85

Occasional Visitor
Hi guys, thanks for the great work.
I found a security bug in the wireless management of guest networks.

creating a guest network with disabled intranet, only traffic to the main subnet is blocked but not to the other subnets present (vpn server).

my network is:

home 1:
ont fiber 192.168.1.X
Asus RT-AC86U 192.168.2.X (main subnet) + 192.168.3.X (openvpn server) [firmware 384.17]

home 2:
ont fiber 192.168.5.X
Asus RT-AC86U 192.168.0.X (main subnet) + 192.168.4.X (openvpn server) [firmware 384.17]

routers create a site to site vpn network

on home 1 RT-AC86U (192.168.2.X) I activated a guest network with disabled intranet.
wireless guest clients fail to reach subnet 192.168.2.X but successfully reach other subnets (192.168.0.X, 192.168.3.X, 192.168.4.X)

for this reason I had to close the guest network and I had to use another device to create a wireless guest network. do you have any advice for this problem?

thanks
 
Hi guys, thanks for the great work.
I found a security bug in the wireless management of guest networks.

creating a guest network with disabled intranet, only traffic to the main subnet is blocked but not to the other subnets present (vpn server).

my network is:

home 1:
ont fiber 192.168.1.X
Asus RT-AC86U 192.168.2.X (main subnet) + 192.168.3.X (openvpn server) [firmware 384.17]

home 2:
ont fiber 192.168.5.X
Asus RT-AC86U 192.168.0.X (main subnet) + 192.168.4.X (openvpn server) [firmware 384.17]

routers create a site to site vpn network

on home 1 RT-AC86U (192.168.2.X) I activated a guest network with disabled intranet.
wireless guest clients fail to reach subnet 192.168.2.X but successfully reach other subnets (192.168.0.X, 192.168.3.X, 192.168.4.X)

for this reason I had to close the guest network and I had to use another device to create a wireless guest network. do you have any advice for this problem?

thanks
Try my script https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/
 
I did other tests, the vpn clinets remain reachable (in my config 192.168.3.1 and 192.168.4.2 respond to ping).

The subnet 192.168.0.X is not reachable, great!
 

Attachments

  • Cattura.PNG
    Cattura.PNG
    26 KB · Views: 233
I did other tests, the vpn clinets remain reachable (in my config 192.168.3.1 and 192.168.4.2 respond to ping).

The subnet 192.168.0.X is not reachable, great!
They shouldn't be, as iptables and ebtables block traffic to those interfaces. how are you testing their connectivity? also PM me diagnostics and i can show you the firewall rules
 
Currently, the router's ebtable seems to block only the main subnet.
It looks good to report to Asus and suggest adding rules to block the entire private network.
192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top