Malware damaging ASUS routers?

[Ripshod]

if your radio modules do not work, this is a hack
you can restore the work, for this you need to restore the factory settings of the device

I have had two wifi failures not caused by a hack. I was trying some rather exotic wifi settings and in both cases both 2.4 and 5GHz failed with Mac addresses of 00:00:00:00:00:00. Obviously I've recovered from both events, but they were not caused by external "hacking". By your definition, I hacked myself.

 

[giosita]

I have had two wifi failures not caused by a hack. I was trying some rather exotic wifi settings and in both cases both 2.4 and 5GHz failed with Mac addresses of 00:00:00:00:00:00. Obviously I've recovered from both events, but they were not caused by external "hacking". By your definition, I hacked myself.

I understand that this could happen in the case of specific/exotic settings within the Wi-Fi configuration - though, in theory, firmware should prevent users from making any changes that could cause permanent damage.

However, in my case, as well as in almost all the others, if I understood correctly, no particular adjustments were made to the Wi-Fi settings.

Therefore, I am inclined to rule out user error for these particular instances.

Two plausible hypotheses are: (1) malware, or (2) a firmware bug or misconfiguration triggered by another factor.

 

[kaktus]

I'm very curious if the Merlin releases are also affected with this security issue, because I cannot find anything on the Merlin github website.

 

[CrashXRu]

I have had two wifi failures not caused by a hack. I was trying some rather exotic wifi settings and in both cases both 2.4 and 5GHz failed with Mac addresses of 00:00:00:00:00:00. Obviously I've recovered from both events, but they were not caused by external "hacking". By your definition, I hacked myself.

if you executed a series of commands from the console and accidentally deleted it, then it can be

but if you did something from the web, then it is not possible. You do not have access to factory settings

I'm very curious if the Merlin releases are also affected with this security issue, because I cannot find anything on the Merlin github website.

yes, they are affected. But you won't see any changes, because it's proprietary software. new SDK haven't been sent out yet

 

[sfx2000]

Do you have any recommendations about protection steps to take for routers with no firmware update available?

Yes...

Time to responsibly put it in the e-Waste pile...

 

[Oniiz86]

Very interesting indeed. This is the MIPS router from 2012:

View attachment 62287

I personally never expected to see a new firmware for this long time EoL product, but shows level of care.

I know it's off-topic here but I missed it initially & what is even more bizarre is that they have given this update to their very old RT-N66U which I believe was released sometime in 2011, very baffling.

 

[DJones]

@Tech9 Glad I noticed this, since it’s not under Merlin or or Wifi 5 routers, but seems to pertain to cloudai. Should I assume this affects the 3.0.0.4 & 3.0.0.6 codebase?

Has anyone determined what country of origin the upload of data is being sent to or a specific ASN of servers.

Wonder if @RMerlin is going to push a fast patch if it’s determined how exactly the malware is being exploited. Seems ASUS is primarily to blame for this even though I understand that this may not be specific to only ASUS routers.

 

[Tech9]

Wonder if @RMerlin is going to push a fast patch if it’s determined how exactly the malware is being exploited.

You have to ask RMerlin about firmware update plans. At the moment only patched stock Asuswrt is available.

 

[Tech9]

Still no firmware update for popular and most affected RT-AX86U/S models. RT-AX88U is on the same boat.

 

[paliyoes]

Hi,

I'm one of the "fortunate" owners of an AX86U router that started having peaks of outgoing traffic causing the network to be useless, and suddenly the password I set since 2021 was "incorrect" hence, I followed the recommended procedure "in case" you forgot your password for the admin user and sadly I now have, what it was a 300€ wireless router at the time, an expensive non wireless router, provided that I after factory reset the router the wireless network don't work and I got the now more famous "The country code is not exist!"

I'm based in Spain, and I saw several members of this forum were able to help to restore the wifi system for the router, I would be forever grateful if someone could lend me a hand into trying to make my router useful again.

I already try to reach Asus customer service, but provided my router is out of warranty I can not find where I can contact them to let them know they screwed it big time.

 

[kaktus]

That’s a pretty f***ed-up situation :-(. I hope there somebody can develop a method to restore bricked devices via serial connection.

 

[Ripshod]

That’s a pretty f***ed-up situation :-(. I hope there somebody can develop a method to restore bricked devices via serial connection.

There's a method that doesn't use serial, but it has to be tailored to each and every router.

 

[Tech9]

The best possible method is perhaps Asus firmware update restoring whatever was deleted in configuration. I don’t know if this is possible though. A special tool has to be developed and included for this purpose alone.

 

[DJones]

Backup your partitions now. ;p

 

[paliyoes]

Were you using any of the AI Cloud services or have wan open or any services exposed to the internet?

I had the router registered in the domain of Asus cloud for making it easily reachable my computers from wherever I was.

 

[gggirlgeek]

Me too! Wifi is gone and no usable MAC address. Also, Network status on the Merlin/Asus interface says no Internet connection, even though I can browse the web on all devices connected with Ethernet.

In addition, Windows 10's Network Icon shows "No Connection", and shows, "No Network Connection" in Network Sharing Center.... I've allowed NO Windows Updates at all.

I got a cheap new TP-Link router, and, even though Wifi is working on it, Windows 10 still shows the same thing, even when connected over Wifi (the new router is not connected to the old Asus router, just to my wall Jack (High speed Fiber).

I restored a good copy of Windows 10 from backup, from 2 years ago, onto a new partition. The same thing shows for Network status????? WTF???

I fresh-installed Windows 11 onto another partition: Networking works great. It also worked fine with the old broken Asus/Merlin router (except for Wifi of course.) WHY WINDOWS 10 ONLY?

No other devices are having problems, not Android or Roku.

Guess I'll be PMing @ColinTaylor to see if he can walk me through saving the $200 router, and how to prevent this disaster. *Sigh!*

 

[iFrogMac]

Since I'm done with my network upgrades and find everything working as expected, decided to power off the new Router, and put the RT-AX86U back as the main router for a bit with a totally clean setup with all cloud and router sharing features off and with remote access off just to see if anything happens to it, or if Asus ever decides to update the firmware for this model. All the threads I've read have me interested as well as to how this is going to be resolved in the big picture.

So far, my RT-AX86U works s notmsl, and haven't seen any of the described behavior yet. I'm even more curious now after reading the person getting the issue without having AICloud, or other features enabled that would typically trigger this to happen.

 

[kaktus]

Me too, I reverted back from the latest Merlin to the latest stock.
I do not use any of the AiCloud features, and also disabled the Wireguard server just to be sure and minimize external exposure.
I hope Asus will provide the updated AiCloud and other closed source components soon, so I can switch back to Merlin.

 

[gggirlgeek]

Me too, I reverted back from the latest Merlin to the latest stock.
I do not use any of the AiCloud features, and also disabled the Wireguard server just to be sure and minimize external exposure.
I hope Asus will provide the updated AiCloud and other closed source components soon, so I can switch back to Merlin.

I tried reverting back to Asus Stock on my RT-AX86U. IT fixed nothing, other than letting me log in again. I don't get the country code prompt, but the MAC address is still borked with a bunch of 0's. I tried putting in a custom MAC but the status of the Internet Connection remained "not connected," even though I can browse. No Wifi of course.

I did have the AI stuff enabled, and Asus DDNS, and remote access, but all over https only.

This also happened shortly after I connected some new IoT lightbulbs (AIdot app.) Anyone else?

 

[Treadler]

Still no firmware update for popular and most affected RT-AX86U/S models. RT-AX88U is on the same boat.

Yeah, I’m wondering if my ‘spare’ RT-AX88U might be abandoned…….