
Malware damaging ASUS routers?


At this point, it’s still unclear whether Asus has fixed this flaw (i.e., the lack of proper verification when updating records).

From that website:

"We informed ASUS of this zero-day attack scenario in May 2023, with a promised fix in July 2023."
 
Details of this vulnerability are in the Black Hat Briefing here, which includes slides that explain the exploitation process in detail.

At this point, it’s still unclear whether Asus has fixed this flaw (i.e., the lack of proper verification when updating records).
As the link you posted indicates, Asus "promised fix in July 2023". Per the following advisory from Asus, there was a DDNS fix issued in July of 2023:
https://www.asus.com/content/asus-product-security-advisory/
07/25/2023 Strengthening DDNS Security for RT-AX1800U, RT-AX3000, RT-AX3000 v2, RT-AX86U, TUF-AX3000 and TUF-AX5400

The RT-AX1800U, RT-AX3000, RT-AX3000 v2, RT-AX86U, TUF-AX3000 and TUF-AX5400 router models now allow binding DDNS to a user's account to mitigate the risk of Man-in-the-Middle (MITM) attacks. We advise taking the following actions:

1. If you're not managing your router with the ASUS Router App, we recommend installing it. The app can be found by searching for "ASUS Router App" in the iOS App Store or Google Play. For more information about the app, please refer to this link: https://www.asus.com/content/asus-router-app/
2. Update your router to the latest firmware using the ASUS Router App. Here's how you can do it: https://www.asus.com/support/FAQ/1045788/
3. Connect your device to your account: Detailed instructions on how to do this are provided here: https://www.asus.com/support/FAQ/1048185

Please note, if you choose not to connect your device to your account, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

(See link for rest of notice)
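
The advisory's closing recommendation (turn off WAN-side services if the router is not bound to an account) can be checked against a saved settings dump. This is an added example, not part of the thread or of ASUS's advisory; it assumes a `key=value` text dump such as `nvram show` prints on Asuswrt, and the nvram key names in the table are assumptions to verify against your own firmware.

```python
# Added example: audit a saved `nvram show` dump for the WAN-side services
# named in the advisory. Key names are assumed Asuswrt nvram keys; confirm
# them on your firmware before relying on the result.

# advisory service -> (nvram key, values that mean "off")
WAN_SERVICES = {
    "remote access from WAN": ("misc_http_x", {"", "0"}),
    "port forwarding": ("vts_enable_x", {"", "0"}),
    "DDNS": ("ddns_enable_x", {"", "0"}),
    "VPN server": ("VPNServer_enable", {"", "0"}),
    "DMZ": ("dmz_ip", {""}),
    "port trigger": ("autofw_enable_x", {"", "0"}),
}


def parse_nvram(dump):
    """Parse key=value lines; lines without '=' (e.g. the size footer) are skipped."""
    settings = {}
    for line in dump.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            settings[key.strip()] = value.strip()
    return settings


def exposed_services(dump):
    """Return (service, key, value) for every service that is on or undeterminable."""
    settings = parse_nvram(dump)
    findings = []
    for service, (key, off_values) in WAN_SERVICES.items():
        if key not in settings:
            # Key missing from the dump: report it rather than assume "off".
            findings.append((service, key, "unknown"))
        elif settings[key] not in off_values:
            findings.append((service, key, settings[key]))
    return findings


# Constructed sample dump (not taken from a real router).
SAMPLE_DUMP = """\
misc_http_x=1
vts_enable_x=0
ddns_enable_x=1
ddns_hostname_x=example.asuscomm.com
dmz_ip=
autofw_enable_x=0
size: 71234 bytes (59838 left)
"""

if __name__ == "__main__":
    for service, key, value in exposed_services(SAMPLE_DUMP):
        print(f"{service}: {key}={value}")
```
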
 
Asus really has to do something fast about RT-AX86U/S. There is another report for damaged RT-AX86U along with the RT-AX82U nodes connected to it. Not sure how this malware spreads to AiMesh nodes as well.

 
Asus really has to do something fast about RT-AX86U/S. There is another report for damaged RT-AX86U along with the RT-AX82U nodes connected to it. Not sure how this malware spreads to AiMesh nodes as well.

Agree; it seems like all the other Routers are getting updates, yet (one of) the most popular Models (based on the weekly no. of Merlin Downloads alone, not ASUS) is not ... yet.
 

So, here is my question at this point: since I don't need the RT-AX86U anymore after buying the new BE92U, should I just get rid of the AX86U at this point? I had intended on keeping it as a backup router in case of problems, and of course I temporarily put it into use to see this issue resolved. At this point I'm seeing more info in favor saying the original RT-AX86U is no longer supported and will no longer get updates, and was replaced by the new Pro model. It's just not officially on Asus' EOL list yet. However, if I type "Is RT-AX86U end of support?" into Google, I get the following response:

"
AI Overview

Yes, the original RT-AX86U router has been discontinued and is no longer supported:


  • End-of-life
    The original RT-AX86U is no longer manufactured, and its certification, firmware, utility, website, DM, QSG, and manual will not be updated.


  • Replacement
    The RT-AX86U has been replaced by the RT-AX86U Pro, which has a faster processor. The RT-AX86U Pro supports ASUS AiMesh, a mesh-networking technology that can create a whole-home network using multiple ASUS routers.

The RT-AX86U is a dual-band WiFi 6 router that offers fast speeds up to 5700 Mbps and a Mobile Game Mode for low-latency gaming. CNET named it the best gaming router overall, praising its latency management and excellent range."

Since Google usually gives me accurate info on tech-related topics, I was just waiting for Asus to officially update the EOL list to make it official.
 
At this point I'm seeing more info in favor saying the original RT-AX86U is no longer supported....
Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).
 
Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).
Right, that's the firmware I have on the router. As I've mentioned though, to make sure I was safe, and also because I wanted access to faster than 1G Ethernet I bought an RT-BE92U. I just felt it was the overall best choice in my case, and if the RT-AX86U did continue to get updates I would have it as a backup router. I just won't have to depend on it as the main router now. Yes, I saw several EOL routers get updates, that's why I find the situation frustrating to deal with. I had actually bought and had been using the new Router prior to even hearing about this Malware. I'll just keep an eye on this thread, and see what happens. Thanks.

EDIT: As far as the AI responses from Google, I'm aware that not all AI is correct in response. Many times though, I have found it contains accurate info, even if it's limited. So, that's why I haven't been quick to dismiss what it says about the RT-AX86U. It's pulling that information from somewhere. I just haven't found an official source at this time.
 
Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).
Well, after reading the AC68U got an upgrade I checked the AC66U B1 and sure enough it too got an upgrade (not surprising they are the same hardware).

So, with an abundance of caution I replaced the AX86U mesh node with the AC66U B1 until the AX86U gets an upgrade.

@Tech9, I agree about the AI stuff. Searching Google recently has resulted in AI answers that were inaccurate or just plain wrong. And the sad part is that the general public will believe those answers!
 
Well, after reading the AC68U got an upgrade I checked the AC66U B1 and sure enough it too got an upgrade (not surprising they are the same hardware).

So, with an abundance of caution I replaced the AX86U mesh node with the AC66U B1 until the AX86U gets an upgrade.

@Tech9, I agree about the AI stuff. Searching Google recently has resulted in AI answers that were inaccurate or just plain wrong. And the sad part is that the general public will believe those answers!
In terms of Google's AI Answers, I never took it as the final answer, or official answer. I used it to look for an official source of info that could be backed up. I have seen AI answers that do have correct info, as I am familiar with the info given, so in those cases I can back up with facts that those answers were correct. The RT-AX86U solution though is a bit harder because there are no proven facts of it receiving a firmware upgrade. It's all just speculation right now and someone's best guess on other information that could potentially lead to people being right and an update to patch the issues is still coming. So as I have said before, I did what I felt best for my situation and didn't rely on other people to cover my back in a solution.
 
Any reason the AX86U update is taking longer than other models to come out? Even my unpopular AX58U, which I use as a node, got the update almost a week ago!
 
I don’t see RT-AX86U and RT-AX88U on Asus EoL list so whatever Google AI is saying is irrelevant. This information has to come from Asus.
 
I don’t see RT-AX86U and RT-AX88U on Asus EoL list so whatever Google AI is saying is irrelevant. This information has to come from Asus.
That was my whole point: Google said one thing, people on this forum said something else, Asus hasn't said anything officially yet. So, with the exception of @RMerlin, or maybe @thiggins, info on this forum is just as useless and unconfirmed as it is from Google, unless whoever presents the info can back it coming from Asus directly (in this case). If this forum has confirmed anything to me at this point, it's there is malware and it needs to be patched, which also confirmed my concerns of continuing to use the RT-AX86U as a daily router due to lack of frequent firmware updates. So, until Asus steps up and provides an official firmware update, I'll just consider anyone talking about one coming wishful thinking, as all the other evidence I have shows it's out of support, at least on the surface. However, I'm willing to let Asus come through and provide the update to show this particular model, and the users of it, are still of concern to them. They could also use this opportunity to force people to buy a new router to have the problem fixed. Just have to wait and see what happens.
 
OK @Tech9, dial back the snark.

Sorry, but I'm with @Tech9 here.

My heart sinks when a question is asked on a forum such as this and someone replies with a cut&paste from ChatGPT or similar.

I think it should be actively banned.
 
