Well, I never would trust that IFTTT/Alexa feature regardless, because I don't trust Alexa and the like. How hard is it for me to really turn on my own lights or, in this case, to manually reboot my router? Frankly, I don't trust these systems to get this crap right, let alone taking into account any security holes. As for the last point, yeah, unfortunately that is all too often the case. However, if that is indeed the case here (i.e., they're forgoing security on WPS to get AiMesh out the door), then I'll just switch it off and go with a manually configured AP. Hell, I'm halfway there since I don't have AP roaming on (never turned it on, then tried it and had some issues so turned it off). I can live without the centralized features, especially if they're not going to work right and be a security risk.I must admit that my security views don't always align with Asus's own. For instance, their IFTTT/Alexa feature requires you to expose your router's webui to the WAN, something I have always felt strongly against, due to Asuwrt's past track record in security issues tied to the httpd daemon. But marketing too often overrules engineering decisions I fear.
Funny how all this blew up. I really don't know what I'm talking about and fully expected to be told "that's not what you think it is" and to move on. Yet, here we are. It's a possible bug with some potential security implications for a major OEM and some of their high end consumer equipment. And, it might actually get fixed since Asus has a regular presence here. Fancy that.