Malware damaging ASUS routers?

[giosita]

It’s about time. Two more people reported damaged RT-AX86U routers today. The most affected model will be updated last for unknown reasons.

Imho one of the factors slowing down the release of fixes for these devices seems to be the inherent 'fragility' of the HND architecture (CFE erase etc) they use, which makes actual damage possible. My two cents.

 

[Tech9]

There are many HND platform routers, not just this one. EoL RT-AC86U got an update before RT-AX86U.

 

[giosita]

There are many HND platform routers, not just this one. EoL RT-AC86U got an update before RT-AX86U.

Yes, I’m aware there are other models technically part of the HND family, but if I understand correctly, there are various revisions of the platform.

Perhaps some revisions are affected, while others aren’t.

Just speculation for now.

 

[dokey1907]

I have a new unboxed ax86u pro .... is the pro included in this malware issue.

Was hope in to replace my current ac86u and have merlin firmware on the new router.
Now thinking should I send it back
concerned

 

[Jbennett360]

I have a new unboxed ax86u pro .... is the pro included in this malware issue.

Was hope in to replace my current ac86u and have merlin firmware on the new router.
Now thinking should I send it back
concerned

pro is patched.

RT-AX86U Pro - AX5700 Dual Band WiFi 6 Gaming Router - ASUS UK

AX5700 Dual Band WiFi 6 Gaming Router, Mobile Game Mode, AiProtection Pro, WPA3, Parental Control, Mesh WiFi support, 2.5G Port, Gaming Port, Adaptive QoS, Port Forwarding

www.asus.com

 

[dokey1907]

pro is patched.

RT-AX86U Pro - AX5700 Dual Band WiFi 6 Gaming Router - ASUS UK

AX5700 Dual Band WiFi 6 Gaming Router, Mobile Game Mode, AiProtection Pro, WPA3, Parental Control, Mesh WiFi support, 2.5G Port, Gaming Port, Adaptive QoS, Port Forwarding

www.asus.com

is that just for asus stock firmware, or both for merlin many thanks jbennett360

Like to use merlin firmware

 

[bennor]

is that just for asus stock firmware, or both for merlin many thanks jbennett360

Like to use merlin firmware

It is both. Asus posted updated firmware on 2024/11/06 that contained a fix for AiCloud. RMerlin posted updated Asus-Merlin release version firmware this past Sunday that contains a fix for AiCloud.

RT-AX86U Pro｜WiFi Routers｜ASUS Global

AX5700 Dual Band WiFi 6 Gaming Router, Mobile Game Mode, AiProtection Pro, WPA3, Parental Control, Mesh WiFi support, 2.5G Port, Gaming Port, Adaptive QoS, Port Forwarding

www.asus.com

Release - Asuswrt-Merlin 3004.388.8_4 is now available

Asuswrt-Merlin 3004.388.8_4 is now available for all Wifi 6 models. 3004.388.8_4 (17-Nov-2024) - CHANGED: VPN killswitch will now only be active if the VPN client itself is enabled. If you stop/start the client yourself over SSH, you need to also...

www.snbforums.com

Been running the 3004.388.8_4 on a RT-AX86U Pro since Sunday without issue.

 

[giosita]

Something is happening: everything has disappeared from the firmware page of the RT-AX86U

 

[Jbennett360]

Something is happening: everything has disappeared from the firmware page of the RT-AX86U

View attachment 62528

All still showing for me

 

[bennor]

Something is happening: everything has disappeared from the firmware page of the RT-AX86U

Seeing the same for the Asus Global site.
https://www.asus.com/networking-iot...s?model2Name=RT-AX86-Series-RT-AX86U-RT-AX86S
If I hit the "Swtich to US website" button while on that page it it now goes to a "We'll be back" page. https://dlcdnwebsites.asus.com/maintain/web/500.html
This link however still works and shows the May firmware.
https://www.asus.com/us/networking-...s-gaming-routers/rt-ax86u/helpdesk_knowledge/
Asus is probably in the midst of updating pages and information so some pages are loading funky. Or there is some issue with routing or caching.

 

[ANTHONY96]

I could not log in to the RT-AX86U with my saved credentials, even after a reboot. After pressing the reset button, the router’s wireless functionality stopped working. I attempted a hard factory reset and used the Firmware Restoration tool, but the problem persists. Then a “country code error” also appears in the web GUI. I found out other posts mentioned the malware infections could corrupt or delete the manufacturing partition (mtd10), which has caused wireless functionality to fail and resulted in a "country code error."

I have received confirmation from ASUS that they are aware of this issue and have already implemented a fix. It has been confirmed that my Router cannot be repaired through a software upgrade. ASUS suggested that users contact customer service to request product repair services.

 

[Tech9]

and have already implemented a fix

Not yet for this model though. More will get damaged as a result.

 

[ANTHONY96]

I’m not sure what fixes they’ve implemented, it seems the firmware still hasn’t been updated. In my case, my router is already out of warranty. However, I’ve already received an RMA and will provide an update once I hear back from the repair center.

 

[giosita]

I’m not sure what fixes they’ve implemented, it seems the firmware still hasn’t been updated. In my case, my router is already out of warranty. However, I’ve already received an RMA and will provide an update once I hear back from the repair center.

They released a signature update that automatically detects and removes related processes or malware.

The signature update is applied through the router's underlying software and does not require a firmware update.

However, it is not a permanent solution and may require further actions, such as a firmware update, to definitively address the issue or vulnerability.

 

[iFrogMac]

They released a signature update that automatically detects and removes related processes or malware.

The signature update is applied through the router's underlying software and does not require a firmware update.

However, it is not a permanent solution and may require further actions, such as a firmware update, to definitively address the issue or vulnerability.

Is there a way to know if the signature update has been downloaded, and applied? The firmware update says it's current, and I don't have AI Protection enabled, or any of the AI related functions. My RT-AX86U hasn't gotten infected, so I am simply curious as to if there is a way to know for sure the router has downloaded the update and done scans.

 

[Tech9]

What @giosita is talking about is ASD file update. Different than Trend Micro signature update on Firmware Update page.

 

[iFrogMac]

Thanks, I think I'll just wait for a firmware update. I am not familiar with ASD updates since I've never done one, that I know of. I looked it up and the info I got said to get it from the Asus support page for the router model under Drivers and tools for Asus Live Updates. According to the support site, it's only available for windows downloads, or A GPL dated September of this year. So based on that info, it doesn't look like I could apply ASDs with a mac, unless I'm missing something here and they can be uploaded to the router like a firmware update. Either way, maybe Asus will also release new firmware, it sounds like this is more of a band-aid than a real fix anyway.

 

[Tech9]

I've never done one

There is no user update for this one. Automatic updates from Asus servers in background.

 

[iFrogMac]

Thanks, I'll just let the router manage itself then for this one.

 

[Tech9]

Newer firmware versions have Security Update switch on Firmware Update page. This is what updates ASD. Needs data sharing agreement to Asus.