What's new

Malware damaging ASUS routers?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Buying another Asus isn’t exactly voting with your wallet
Well since Apple discontinued Airport, there isn't anything else I am really happy with after trying Netgear, TP-Link, etc. In the case of this flaw, it seems like it's mainly the RT-AX86U (original ) that's not getting the treatment. The new router seems to have the patched firmware, and it's not mentioned as being affected by this. Besides, I don't use the features that open the router to this particular Malware. With that said, it sounds like people have gotten their routers affected without AICloud enabled as well. So, I had gotten the new router before even learning about this for port upgrades and for the new line of firmware updates. Learning about this just made me happier that I upgraded before I had an issue.
 
Sorry, but I'm with @Tech9 here.

My heart sinks when a question is asked on a forum such as this and someone replies with a cut&paste from ChatGPT or similar.

I think it should be actively banned.

I think users that cannot or do not research on their own questions should be banned.

Maybe I’m the minority, but dependence on other people who go out of their way to help isn’t good. That said why should I put more effort into an answer then dropping a chatgpt text when they won’t help themselves.

Honesty chatgpt is just a tool. As long as you research the facts it’s often at least a convenient tool if you don’t want to type out instructions in a concise way. I think cheating a little is okay in that regard.

If users need clarification or if it’s beyond just a simple fix or not having any experience with scripting that’s different. That’s a skill set issue not simply minor lack of effort. Users should learn complex knowledge, but I don’t blame them if they don’t. It’s the stuff that is regurgitated again and again on the forum that’s annoying.
 
Last edited:
If users need clarification

Some users need clarification on the clarification and always want to make sure and double and tipple check. After all this - jump from one bad supported router to another with beta firmware on it and exactly the same problematic software offered there. No human or AI can help. 🤷‍♂️
 
You'll have to go back and read through the thread and then read between the lines...

Damn. These lines always blur together.
 
Back on topic folks.
 
FYI the Asus-Merlin prebeta test builds for 386.14_2 and 388.8_3 are now available. Both have a; FIXED: Security issues in AiCloud (backports from Asus) fix.
Pre-beta test builds

386.14_2 (xx-xxx-2024)
- UPDATED: OpenVPN to 2.6.12.
- CHANGED: Enabled Netfilter queue support for SDK6/SDK7
devices (patch by HiHat)
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
3004.388.8_4 (xx-xxx-2024)
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)

(Yes that is a 388.4 typo in the change log for 388.3)

Note: The above firmware are TEST BUILDS and may have issues or bugs in them so keep that in mind if you are going to install them to mission critical production routers!!!
 
Last edited:
Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
Shame it can't actually remove this malware. I'm wondering if this is the same script that came up a while ago, and whether it's been updated for this new malware - there's only ever been two versions and this latest version is October 18th.
Besides, once the router is infected it's obvious without the need to test.
 
Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
That’s specific for the two botnet malware families mentioned in this article:


Are these the same as we are discussing here?
 
If this script can't do anything about it it's like "Congratulations - you router is infected". And then what?
 
RMerlin has updated Asus-Merlin 386.14_2, 3004.388.8_4 and 3006.102.2_2 firmware to release status. All three contain: FIXED: Security issues in AiCloud (backports from Asus).
https://www.snbforums.com/threads/a...now-available-for-ac-models.91060/post-934246
https://www.snbforums.com/threads/a...e-for-wifi-7-devices.92745/page-3#post-934245
 
Got word from a solid source 😶 : the RT-AX86U firmware dropping this week will include the patch for the vulnerability.

And presumably, other affected models not yet officially patched might be covered too—or so I hope.

They’ll also make an official announcement about the CVE.

Of course, I didn’t see or hear anything... you didn’t get this from me 😶🤐
 
It’s about time. Two more people reported damaged RT-AX86U routers today. The most affected model will be updated last for unknown reasons. 🧐
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top