Release Asuswrt-Merlin 386.14 is now available for AC models

[badplugin]

@Natty
What is your browser? Default or custom setttings? Do you use a Adblocker?

 

[bennor]

It happened on both router and AP when their web ui both open in tabs in the same browser (firefox).

Does it happen when only one of the web UI's is loaded at a time?
Does it happen in a different web browser or on a different computer/device?

 

[Natty]

What is your browser? Default or custom setttings? Do you use a Adblocker?

Firefox 130.0.1, custom DNS settings (Quad9) DoH enabled, NoScript (router IP address trusted), Adblock Plus.

The EULA pop-up seems a bit random but it happens with Adblock Plus both enabled or disabled when navigating back to the Network Map.

If the EULA pop-up appears, closing the browser (set to clear the cache but retain history and open tabs) then re-opening the browser clears the pop-up without accepting.

 

[Natty]

Does it happen when only one of the web UI's is loaded at a time?
Does it happen in a different web browser or on a different computer/device?

I tried replicating the issue with a single web UI loaded but I haven't seen it when only one web UI is loaded and logged in. Having two web UIs active and logged in from the same browser at the same time seems to be involved in triggering the issue. I have not tried a different browser.

I've also noticed that if the EULA pops up on the Network Map page, refreshing the browser tab clears it.

This next question from my suspicious and ill-informed mind is probably a bit far fetched: If both devices were visiting asus servers without my knowledge to perform some new function that I'm not aware the EULA is licensing asus to provide, could the browser be caching some asus data and getting this mixed up between browser tabs (FF bug and security risk?), triggering the EULA?

 

[badplugin]

Firefox 130.0.1, custom DNS settings (Quad9) DoH enabled, NoScript (router IP address trusted), Adblock Plus.

The EULA pop-up seems a bit random but it happens with Adblock Plus both enabled or disabled when navigating back to the Network Map.

If the EULA pop-up appears, closing the browser (set to clear the cache but retain history and open tabs) then re-opening the browser clears the pop-up without accepting.

@Natty
Is "network.trr.mode" set to 3 in about:config, i don't use Adblock Plus but you should try to just remove it (just disable is not enough imho) and see if Eula is working (reinstall-it after), you also should try the same process for NoScript.
You can also check Quad9 logs if something is blocked.

Off-Topic :
advice 1 : you should replace AdBlock Plus by Ublock Origin or Adguard. (and you must exclude router ip)
advice 2 : i found NoScript good but really boring, jshelter extension is a alternative (exclude router ip)
advice 3 : Firefox getting more and more nasty https://malwaretips.com/threads/firefox-tracks-you-with-“privacy-preserving”-feature.133017/

Edit : Why not trying a other browser just for see, with this one for example : https://chromium.woolyss.com/ if you use Linux pick the Marmaduke one, if windows pick the Hibbiki one

Edit 2 : when Asus EULA's are correctly accepted or refused, they will never come back at least on my ac88u

 

[Natty]

Is "network.trr.mode" set to 3 in about:config, i don't use Adblock Plus but you should try to just remove it

According to about:config, it is set to 3. A quick search says that parameter has something to do with DoH, but I don't know the signigicance of the number.

I haven't used Adblock Plus for many years. I use uBlock Origin, along with NoScript. Its been a busy couple of weeks and I was tired when posting. Apologies for mixing up ublock and adblock. Router IP is already excluded. I always turn off Firefox's "give us your data" oriented features and options. The "invasive" settings in that malwaretips article were already turned off.

If I can get round to it I will create a new Firefox profile without uBlock Origin and NoScript to investigate if the EULA issue still occurs.

Thank you for the tips.

 

[Natty]

I ssh into the router and AP and run the command shown by @badplugin :

AccessPoint@RT-AC66U_B1-XXXX:/tmp/home/root# nvram show | grep -ie "eula"
ASUS_EULA=0
ASUS_NEW_EULA_time=Sun, 01 Sep 2024 00:47:09 +0100
ASUS_NEW_EULA_from=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
rc_support=mssid 2.4G 5G update usbX2 switchctrl manual_stb pwrctrl WIFI_LOGO nandflash meoVoda movistarTriple app reboot_schedule ipv6 ipv6pt PARENTAL2 dnsfilter am_addons ntpd dnspriv dualwan pptpd openvpnd utf8_ssid printer modem webdav rrsut cloudsync media appnet fileflex timemachine hdspindown diskutility nfsd dnssec dnssec email bwdpi wrs_wbl ookla snmp tor HTTPS letsencrypt ssh vpnc repeater psta wl6 optimize_xbox wifi_tog_btn user_low_rssi bcmfa tcode usericon stainfo realip netool cfg_sync amas bcmwifi conndiag eula proxysta account_binding gameMode ftp_ssl dis11b
size: 54206 bytes (11330 left)
TM_EULA=0
ASUS_NEW_EULA_ts=1725148029
ASUS_NEW_EULA=1

Router@RT-AC66U_B1-YYYY:/tmp/home/root# nvram show | grep -ie "eula"
ASUS_EULA=0
ASUS_NEW_EULA_time=Sun, 01 Sep 2024 01:03:13 +0100
ASUS_NEW_EULA_from=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0
rc_support=mssid 2.4G 5G update usbX2 switchctrl manual_stb pwrctrl WIFI_LOGO nandflash meoVoda movistarTriple app reboot_schedule ipv6 ipv6pt PARENTAL2 dnsfilter am_addons ntpd dnspriv dualwan pptpd openvpnd utf8_ssid printer modem webdav rrsut cloudsync media appnet fileflex timemachine hdspindown diskutility nfsd dnssec dnssec email bwdpi wrs_wbl ookla snmp tor HTTPS letsencrypt ssh vpnc repeater psta wl6 optimize_xbox wifi_tog_btn user_low_rssi bcmfa tcode usericon stainfo realip netool cfg_sync amas bcmwifi conndiag eula proxysta account_binding gameMode ftp_ssl dis11b
size: 57751 bytes (7785 left)
TM_EULA=0
ASUS_NEW_EULA_ts=1725148993
ASUS_NEW_EULA=1

ts parameter and ASUS_NEW_EULA value are the same as @badplugin.

 

[Natty]

I tested using a new Firefox test profile, standard privacy settings, DoH OFF, default protection (Firefox decides when to use secure DNS), no addons. DNS in PC and Router is set to Quad9.

Signing in the Router web UI did not trigger EULA. Presumably the Router remembers that the EULA has previously been accepted. Opening and signing into the AP web UI in a new tab did not trigger EULA for the AP either. However, on navigating back to the Router tab, the EULA is displayed - BOOM.

It seems there is some sort of interraction between the browser tabs. Surely that should not be possible in a secure system? Could the web UIs for Router and AP be sharing some common connection to a 3rd party, for example Asus, and getting these mixed up between tabs? This is well outside my expertise but it seems messed up and suspicious. Is this a bug with Asuswrt-Merlin, or Firefox, or both? Any advice (apart from IGNORE! or don't look at your Router and AP during the same browser session)?

 

[banger]

One of my AC68U in mesh node disappeared for 2 days so had to reboot after 21 days uptime. Was back after reboot.

 

[Yota]

@Natty I'm actually glad you're reporting this issue as well, and it seems like you're experiencing the exact same bug as me.

I'm using Firefox just like you, just a slightly different version, 128.2.0 ESR.

Sorry, I didn't have time to investigate why it was popping up the EULA, I hope it's not a firmware issue, especially considering 386.14 is probably the last Merlin firmware for these older models.


The mitigation I took was to use uBlock Origin rules to block the EULA popup and unlock the scrollbars.

Here are my uBlock Origin rules, replace the IP address with your router hostname or IP address:

! Block annoying EULA pop-ups on router admin pages
192.168.50.1##policy-update-modal
192.168.50.1##body:style(overflow: auto !important;)

I really hope it's not a firmware issue, so this will be the last firmware, the perfect one.

 

[Yota]

I tried replicating the issue with a single web UI loaded but I haven't seen it when only one web UI is loaded and logged in. Having two web UIs active and logged in from the same browser at the same time seems to be involved in triggering the issue. I have not tried a different browser.

I can confirm that just opening the network map page does not trigger the EULA, opening any page in another tab and then opening the network map page (http://192.168.50.1/index.asp ) will definitely trigger the EULA (if not, refresh the page by pressing Ctrl+F5).

This looks more like a bug in the firmware than the browser, although this requires more investigation.

@RMerlin Is there anything we can do to help investigate this issue? You can also reproduce this issue using the latest version of Firefox.

Is "network.trr.mode" set to 3 in about:config

It is related to DoH, 0 is to turn off DoH, 3 forces to use DoH only. Read more here: https://wiki.mozilla.org/Trusted_Recursive_Resolver

But I don't think DoH is related to this issue, it's more like some judgment conditions on the page have problems.

 

[Yota]

Edit 2 : when Asus EULA's are correctly accepted or refused, they will never come back at least on my ac88u

It should be noted that when this EULA pops up, my nvram is the same as yours, and the EULA has been set to off in nvram.

However, it can still pop up in the Firefox browser according to the trigger conditions mentioned by @Natty and I above.


So I think that might be a bug.

ASUS_EULA=0
ASUS_NEW_EULA=1
ASUS_NEW_EULA_ts=1726164138
TM_EULA=0

 

[Tech9]

I still don't see what exactly is the added value of 386.14 over 386.13. According to the changelog one component was updated, WPS button was fixed for a specific model. What was fixed or broken in never released Asuswrt base is unclear, one usable feature was removed and GUI and EULA inconveniences were added. I would prefer final tested working well Asuswrt base with final tested working well Asuswrt-Merlin changes on top. This 386.14 release is more like experimental build on top of an Asuswrt snapshot and is going nowhere down the road since Asus EoL'd the devices already.

 

[Pitchounet]

I'm thinking about to reverse to 386.13 version (if it's possible), cause i have lots of wifi micro-cuts with my AC88U since this update. i don't see anything helping in the debug log.

 

[bibikalka]

I still don't see what exactly is the added value of 386.14 over 386.13. According to the changelog one component was updated, WPS button was fixed for a specific model. What was fixed or broken in never released Asuswrt base is unclear, one usable feature was removed and GUI and EULA inconveniences were added. I would prefer final tested working well Asuswrt base with final tested working well Asuswrt-Merlin changes on top. This 386.14 release is more like experimental build on top of an Asuswrt snapshot and is going nowhere down the road since Asus EoL'd the devices already.

I mean - let's not pretend like Asus was really big on testing everything thoroughly anyway. Lots of issues there that persisted for years.

But yeah - since 386.14 did not fix any of the critical bugs - technically there is not a big reason to update.

The current 386.14 had the unpleasant scrolling issue, but otherwise things have settled a bit since then once the addons were fixed. There is really nothing to complain about.

In case of some future critical security issues I can see @RMerlin updating 386.14 as a courtesy to all and not the prior 386.13_2. So staying in sync here is one of the bigger items for me.

 

[Tech9]

It’s a matter of own preferences. All I know is all Asus AC-class devices are in sync with the EOL list now. Some still have 3rd party firmware support option (Fresh Tomato) and may live longer, others reached end of the road and have to be replaced sooner or later. Last minute changes in Asuswrt base is not helping and only potentially introducing new issues with slim chances for future fixes.

 

[Pitchounet]

I'm thinking about to reverse to 386.13 version (if it's possible), cause i have lots of wifi micro-cuts with my AC88U since this update. i don't see anything helping in the debug log.

Does this update 386.14 need a factory reset?

 

[Natty]

There is an element https://192.168.1.1:8443/js/asus_policy.js that pops up the repeating privacy notice. I'm guessing somewhere among the thousands of lines of code is where @Yota's suggested fix using ublock origin does its stuff. I'll try adding @Yota block rule to ublock origin's "my filters". I'll add two rules, one for router (...1.1), one for AP (...1.2) (not my actual IP addresses) and see how it goes. Thanks for the tip @Yota

! Block annoying EULA pop-ups on router admin pages
192.168.1.1##policy-update-modal
192.168.1.1##body:style(overflow: auto !important;)
! Block annoying EULA pop-ups on access point admin pages
192.168.1.2##policy-update-modal
192.168.1.2##body:style(overflow: auto !important;)

 

[Natty]

Dagnabbit!
In spite of the ublock origin block rule, the privacy notice pops up again. I've never used this feature before, so maybe I made a mistake?

 

[Natty]

It does help to actually enable ublock origin on the router and AP web pages. My mistake was to test the rule with ublock origin turned off. Duh!

All seems to be working now. Thanks @Yota