Malware damaging ASUS routers?

[RMerlin]

At this point, it’s still unclear whether Asus has fixed this flaw (i.e., the lack of proper verification when updating records).

From that website:

"We informed ASUS of this zero-day attack scenario in May 2023, with a promised fix in July 2023."

 

[bennor]

Details of this vulnerability on the Black Hat Briefing here which includes slides that explain the exploitation process in detail.

At this point, it’s still unclear whether Asus has fixed this flaw (i.e., the lack of proper verification when updating records).

As the link you posted indicates Asus "promised fix in July 2023". Per the following advisory from Asus there was a DDNS fix issued in July of 2023:
https://www.asus.com/content/asus-product-security-advisory/

07/25/2023 Strengthening DDNS Security for RT-AX1800U, RT-AX3000, RT-AX3000 v2, RT-AX86U, TUF-AX3000 and TUF-AX5400

The RT-AX1800U, RT-AX3000, RT-AX3000 v2, RT-AX86U, TUF-AX3000 and TUF-AX5400 router models now allow binding DDNS to a user's account to mitigate the risk of Man-in-the-Middle (MITM) attacks. We advise taking the following actions:

1. If you're not managing your router with the ASUS Router App, we recommend installing it. The app can be found by searching for "ASUS Router App" in the iOS App Store or Google Play. For more information about the app, please refer to this link: https://www.asus.com/content/asus-router-app/
2. Update your router to the latest firmware using the ASUS Router App. Here's how you can do it: https://www.asus.com/support/FAQ/1045788/
3. Connect your device to your account: Detailed instructions on how to do this are provided here: https://www.asus.com/support/FAQ/1048185

Please note, if you choose not to connect your device to your account, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger.

(See link for rest of notice)

 

[rung]

As the link you posted indicates Asus "promised fix in July 2023". Per the following advisory from Asus there was a DDNS fix issued in July of 2023:
https://www.asus.com/content/asus-product-security-advisory/

Seems ironic to me that their recommendation was to use the Asus app when it was that very app which was leaking the router login credentials to the dns poisoned rogue websites.

 

[Tech9]

Asus really has to do something fast about RT-AX86U/S. There is another report for damaged RT-AX86U along with connected to it RT-AX82U nodes. Not sure how this malware spreads to AiMesh nodes as well.

Solved - RT-AX86U - Stuck on old firmware (solved!), WiFi not working (solved!)

Not a weakness, but the way it works. Asuswrt-Merlin is modified stock Asuswrt. It's not entirely open source firmware and contains proprietary closed source components. Current security issue is in closed source components and Asus has to provide fix first. Only then Asuswrt-Merlin developer...

www.snbforums.com

 

[jksmurf]

Asus really has to do something fast about RT-AX86U/S. There is another report for damaged RT-AX86U along with connected to it RT-AX82U nodes. Not sure how this malware spreads to AiMesh nodes as well.

Solved - RT-AX86U - Stuck on old firmware (solved!), WiFi not working (solved!)

Not a weakness, but the way it works. Asuswrt-Merlin is modified stock Asuswrt. It's not entirely open source firmware and contains proprietary closed source components. Current security issue is in closed source components and Asus has to provide fix first. Only then Asuswrt-Merlin developer...

www.snbforums.com

Agree; it seems like all the other Routers are getting updates, yet (one of) the most popular Models (based on the weekly no. of Merlin Downloads alone, not ASUS) is not ... yet.

 

[iFrogMac]

So, here is my question at this point, since I don't need the RT-AX86U anymore after buying the new BE92U, should I just get rid of the AX86U at this point? I had intended on keeping it as a backup router in case of problems, and of course I temporary put it into use to see this issue resolved. At this point I'm seeing more info in favor saying the original RT-AX86U is no longer supported and will no longer get updates, and was replaced by the new Pro model. It's just not officially on Asus' EOL list yet. However, if I type "Is RT-AX86U end of support?" into Google, I get the following response:

"
AI Overview
Learn more…Opens in new tab

Yes, the original RT-AX86U router has been discontinued and is no longer supported:

• End-of-life
  The original RT-AX86U is no longer manufactured, and its certification, firmware, utility, website, DM, QSG, and manual will not be updated.
  
  
  
• Replacement
  The RT-AX86U has been replaced by the RT-AX86U Pro, which has a faster processor. The RT-AX86U Pro supports ASUS AiMesh, a mesh-networking technology that can create a whole-home network using multiple ASUS routers.
  
  

The RT-AX86U is a dual-band WiFi 6 router that offers fast speeds up to 5700 Mbps and a Mobile Game Mode for low-latency gaming. CNET named it the best gaming router overall, praising its latency management and excellent range."

Since Google usually gives me accurate info on tech related topics. I was just waiting for Asus to officially update the EOL list to make it official.

 

[Tech9]

AI Overview

Forget about this AI crap.

 

[bennor]

At this point I'm seeing more info in favor saying the original RT-AX86U is no longer supported....

Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).

 

[iFrogMac]

Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).

Right, that's the firmware I have on the router. As I've mentioned though, to make sure I was safe, and also because I wanted access to faster than 1G Ethernet I bought an RT-BE92U. I just felt it was the overall best choice in my case, and if the RT-AX86U did continue to get updates I would have it as a backup router. I just won't have to depend on it as the main router now. Yes, I saw several EOL routers get updates, that's why I find the situation frustrating to deal with. I had actually bought and had been using the new Router prior to even hearing about this Malware. I'll just keep an eye on this thread, and see what happens. Thanks.

EDIT: As far as the AI responses from Google, I'm aware that not all AI is correct in response. Many times though, I have found it contains accurate info, even if it's limited. So, that's why I haven't been quick to dismiss what it says about the RT-AX86U, It's pulling that information from somewhere. I just haven't found an official source at this time.

 

[thiggins]

Forget about this AI crap.

OK @Tech9, dial back the snark.

 

[bbunge]

Considering the EOL RT-AC68U just got a firmware update to address the recent security vulnerability, I'd venture to guess the RT-AX86U will get one as well in the coming days. The RT-AX86U last firmware update was just six months ago (2024/05/13 - 3.0.0.4.388_24243).

Well, after reading the AC68U got an upgrade I checked the AC66U B1 and sure enough it too got an upgrade (not surprising they are the same hardware).

So, with an abundance of caution I replaced the AX86U mesh node with the AC66U B1 until the AX86U gets an upgrade.

@Tech9, I agree about the AI stuff. Searching Google recently has resulted in AI answers that were inaccurate or just plane wrong. And the sad part is that the general public will believe those answers!

 

[iFrogMac]

Well, after reading the AC68U got an upgrade I checked the AC66U B1 and sure enough it too got an upgrade (not surprising they are the same hardware).

So, with an abundance of caution I replaced the AX86U mesh node with the AC66U B1 until the AX86U gets an upgrade.

@Tech9, I agree about the AI stuff. Searching Google recently has resulted in AI answers that were inaccurate or just plane wrong. And the sad part is that the general public will believe those answers!

In terms of Google's AI Answers I never took it as the final answer, or official answer. I used it to look for an official source of info that could be backed up. I have seen AI answers that do have correct info as I am familiar with the info given so in those cases I can back up with facts that those answers were correct. The RT-AX86U solution though is a bit harder because there is no proven facts of it receiving a firmware upgrade. It's all just speculation right now and someone's best guess on other information that could potentially lead to people being right and an update to patch the issues is still coming. So as I have said before, I did what I felt best for my situation and didn't rely on other people to cover my back in a solution.

 

[bitsbytes]

any reason the AX86U update is taking longer than other models to come out? even my unpopular AX58U, which i use as a nod, got the update almost a week ago !

 

[Tech9]

I don’t see RT-AX86U and RT-AX88U on Asus EoL list so whatever Google AI is saying is irrelevant. This information has to come from Asus.

 

[iFrogMac]

I don’t see RT-AX86U and RT-AX88U on Asus EoL list so whenever Google AI is saying is irrelevant. This information has to come from Asus.

That was my whole point, Google said one thing, people on this forum said something else, Asus hasn't said anything officially yet. So, with the exception of @RMerlin , or maybe @thiggins , info on this forum is just as useless and unconfirmed as it is from Google, unless whoever presents the info can back it coming from Asus directly (in this case.). If this forum has confirmed anything to me at this point, it's there is malware and it needs to be patched, which also confirmed my concerns of continuing to use the RT-AX86U as a daily router due to lack frequent firmware updates. So, until Asus steps up and and provides an official firmware update. I'll just consider anyone talking about one coming wishful thinking, as all the other evidence I have shows it's out of support, at least on the surface. However, I'm willing to let Asus come through and provide the update to show this particular model and the users of it, are still of concern to them. They could also use this opportunity to force people to buy a new router, to have the problem fixed. just have to wait and see what happens.

 

[alan6854321]

OK @Tech9, dial back the snark.

Sorry, but I'm with @Tech9 here.

My heart sinks when a question is asked on a forum such as this and someone replies with a cut&paste from ChatGPT or similar.

I think it should be actively banned.

 

[iFrogMac]

Y'all gotta start voting with your wallet

Count me in, as I already did

 

[Jbennett360]

Count me in, as I already did

What did you go with?

 

[iFrogMac]

What did you go with?

The Asus RT-BE92U. Almost the same form factor as the RT-AX86U but has one 10 G LAN/WAN and 4 2.5G ports with one also being a WAN option and it has 6GHz.

 

[Tech9]

ASUS EOL list for routers has the AX-86U as EOL.

Where exactly you see RT-AX86U on this list?