I'm dyslexic. I read AX-68U as AX86U. Deleted incorrect post.
Malware damaging ASUS routers?
- Thread starter Tech9
- Start date
Well since Apple discontinued Airport, there isn't anything else I am really happy with after trying Netgear, TP-Link, etc. In the case of this flaw, it seems like it's mainly the RT-AX86U (original ) that's not getting the treatment. The new router seems to have the patched firmware, and it's not mentioned as being affected by this. Besides, I don't use the features that open the router to this particular Malware. With that said, it sounds like people have gotten their routers affected without AICloud enabled as well. So, I had gotten the new router before even learning about this for port upgrades and for the new line of firmware updates. Learning about this just made me happier that I upgraded before I had an issue.
Tech9
Part of the Furniture
Jbennett360
Senior Member
Surely voting with your wallet means not buying more Asus hardware?
I think users that cannot or do not research on their own questions should be banned.
Maybe I’m the minority, but dependence on other people who go out of their way to help isn’t good. That said why should I put more effort into an answer then dropping a chatgpt text when they won’t help themselves.
Honesty chatgpt is just a tool. As long as you research the facts it’s often at least a convenient tool if you don’t want to type out instructions in a concise way. I think cheating a little is okay in that regard.
If users need clarification or if it’s beyond just a simple fix or not having any experience with scripting that’s different. That’s a skill set issue not simply minor lack of effort. Users should learn complex knowledge, but I don’t blame them if they don’t. It’s the stuff that is regurgitated again and again on the forum that’s annoying.
Last edited:
Tech9
Part of the Furniture
Some users need clarification on the clarification and always want to make sure and double and tipple check. After all this - jump from one bad supported router to another with beta firmware on it and exactly the same problematic software offered there. No human or AI can help.
What’d he do I need some clarification?
Damn. These lines always blur together.
I know. I’m being sarcastic and playing the part of the user.
FYI the Asus-Merlin prebeta test builds for 386.14_2 and 388.8_3 are now available. Both have a;
Pre-beta test builds
www.snbforums.com
386.14_2 (xx-xxx-2024)
- UPDATED: OpenVPN to 2.6.12.
- CHANGED: Enabled Netfilter queue support for SDK6/SDK7
devices (patch by HiHat)
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
www.snbforums.com
3004.388.8_4 (xx-xxx-2024)
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
(Yes that is a 388.4 typo in the change log for 388.3)
Note: The above firmware are TEST BUILDS and may have issues or bugs in them so keep that in mind if you are going to install them to mission critical production routers!!!
FIXED: Security issues in AiCloud (backports from Asus) fix.Pre-beta test builds
[ 386.14_1 Build(s) ] available build(s)
https://www.asuswrt-merlin.net/test-builds 386.14_2 (xx-xxx-2024) - UPDATED: OpenVPN to 2.6.12. - CHANGED: Enabled Netfilter queue support for SDK6/SDK7 devices (patch by HiHat) - FIXED: Security issues in AiCloud (backports from Asus) - FIXED: CVE-2024-2511, CVE-2024-4741...
www.snbforums.com
- UPDATED: OpenVPN to 2.6.12.
- CHANGED: Enabled Netfilter queue support for SDK6/SDK7
devices (patch by HiHat)
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
[ 3004_388.8_3 Build(s) ] available build(s)
https://www.asuswrt-merlin.net/test-builds https://www.asuswrt-merlin.net/download 3004.388.8_4 (xx-xxx-2024) - CHANGED: VPN killswitch will now only be active if the VPN client itself is enabled. If you stop/start the client yourself over SSH, you need to also...
www.snbforums.com
- CHANGED: VPN killswitch will now only be active if the
VPN client itself is enabled. If you stop/start
the client yourself over SSH, you need to also
update the enabled/disabled nvram setting.
- FIXED: Security issues in AiCloud (backports from Asus)
- FIXED: CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 &
Implicit rejection for RSA PKCS#1 in openssl
(backport from Ubuntu by RSDNTWK)
(Yes that is a 388.4 typo in the change log for 388.3)
Note: The above firmware are TEST BUILDS and may have issues or bugs in them so keep that in mind if you are going to install them to mission critical production routers!!!
Last edited:
TheLostSwede
Very Senior Member
Yet, the RT-AX68U did get the security update.
Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
github.com
Found this Github Page where you can run the script if your router is infected. hope it helps..
GitHub - NCSC-NL/asusrouter-malware-scan: This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings.
This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings. - NCSC-NL/asusrouter-malware-scan
github.com
Ripshod
Very Senior Member
Shame it can't actually remove this malware. I'm wondering if this is the same script that came up a while ago, and whether it's been updated for this new malware - there's only ever been two versions and this latest version is October 18th.Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
GitHub - NCSC-NL/asusrouter-malware-scan: This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings.
This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings. - NCSC-NL/asusrouter-malware-scan
Besides, once the router is infected it's obvious without the need to test.
XIII
Very Senior Member
That’s specific for the two botnet malware families mentioned in this article:Hi,
Found this Github Page where you can run the script if your router is infected. hope it helps..
GitHub - NCSC-NL/asusrouter-malware-scan: This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings.
This repository contains a script to check your ASUS router for signs of malware by examining running processes, files, and certain settings. - NCSC-NL/asusrouter-malware-scan
Expert Blog: Consumer routers targeted by multiple botnets
The National Cyber Security Centre (NCSC-NL) has, following an incident response investigation, detected two botnet malware families simultaneously on a consumer router: Alogin botnet malware and TheMoon malware. This blog post explains the investigation and takes a closer look at the two...
english.ncsc.nl
Are these the same as we are discussing here?
RMerlin has updated Asus-Merlin 386.14_2, 3004.388.8_4 and 3006.102.2_2 firmware to release status. All three contain:
https://www.snbforums.com/threads/a...now-available-for-ac-models.91060/post-934246
www.snbforums.com
https://www.snbforums.com/threads/a...e-for-wifi-7-devices.92745/page-3#post-934245
FIXED: Security issues in AiCloud (backports from Asus).https://www.snbforums.com/threads/a...now-available-for-ac-models.91060/post-934246
Release - Asuswrt-Merlin 3004.388.8_4 is now available
Asuswrt-Merlin 3004.388.8_4 is now available for all Wifi 6 models. 3004.388.8_4 (17-Nov-2024) - CHANGED: VPN killswitch will now only be active if the VPN client itself is enabled. If you stop/start the client yourself over SSH, you need to also...
www.snbforums.com
Got word from a solid source 
: the RT-AX86U firmware dropping this week will include the patch for the vulnerability.
And presumably, other affected models not yet officially patched might be covered too—or so I hope.
They’ll also make an official announcement about the CVE.
Of course, I didn’t see or hear anything... you didn’t get this from me
: the RT-AX86U firmware dropping this week will include the patch for the vulnerability. And presumably, other affected models not yet officially patched might be covered too—or so I hope.
They’ll also make an official announcement about the CVE.
Of course, I didn’t see or hear anything... you didn’t get this from me
Similar threads
Similar threads
Similar threads
-
Another weird AX86U issue - but not Malware? - Solved
- Started by ahab
- Replies: 5
-
Possible to connect 2 Asus Zenwifi’s directly to the ISP router in AP mode?
- Started by Agepagelage
- Replies: 2
-
-
Asus RT-AX88U doesn't create Wi-Fi 6 network
- Started by him7403
- Replies: 14
-
-
Asus AX11000 VPN Fusion Notification
- Started by TomP
- Replies: 2
-
-
Asus RT-AX86U no wifi. LEDs off.
- Started by axiomata
- Replies: 15
-
I think my ASUS router somehow "poisoned" my AT&T's fiber gateway...
- Started by SolidSonicTH
- Replies: 10
Latest threads
-
Asus AX88u slow on 2.4ghz wifi on certain devices
- Started by Zacharybinx34
- Replies: 4
-
-
-
Need some help with older Nas which only allow 16TB as largest volume
- Started by apvm
- Replies: 5
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!