RT-AX86U 3.0.0.4.388_24243 hacked
- Thread starter Radek8
- Start date
Ripshod
Very Senior Member
That May fix is not related to the current issue.
I wonder if asus are even aware there's an issue.
ColinTaylor
Part of the Furniture
Yes they are.
Tech9
Part of the Furniture
Seems like additional conditions have to be met because I had one the same model and firmware bait router running for about a week with both AiCloud active and Access from WAN enabled with weak passwords and it didn't catch anything. Had to stop it because of system changes. It perhaps needs user activity, more time and public WAN IP. Mine was running in DMZ, I have a modem only used by my main network.
eibgrad
Part of the Furniture
The solution here is NOT continually waiting for fixes to these hacks. It's vowing NEVER EVER to allow direct access to services over the WAN except for OpenVPN server. And even then, you could redirect from the WAN to another internal device supporting OpenVPN server on a much more hardened platform.
In my own case, I run OpenVPN server internally, and keep it on a device which itself is managed using a wifi-enabled AC adapter and my smartphone, so it's only running on-demand. Why keep something running 24/7 when you're using it 5% or less of the time?
Another strategy (when practical) is to limit access based on known public source IPs. If you're always accessing it from your workplace, a second home, the same wifi cafe, etc., you can severely limit your exposure, even if the service is compromised.
I understand the convenience these services offer. But opening them to the public at large 24/7 is just asking for trouble. They aren't written w/ security and privacy as a major concern, but simply to add bullet-points in the marketing, regardless of the risk.
If you need such capabilities, you need to put more effort in creating better solutions.
In my own case, I run OpenVPN server internally, and keep it on a device which itself is managed using a wifi-enabled AC adapter and my smartphone, so it's only running on-demand. Why keep something running 24/7 when you're using it 5% or less of the time?
Another strategy (when practical) is to limit access based on known public source IPs. If you're always accessing it from your workplace, a second home, the same wifi cafe, etc., you can severely limit your exposure, even if the service is compromised.
I understand the convenience these services offer. But opening them to the public at large 24/7 is just asking for trouble. They aren't written w/ security and privacy as a major concern, but simply to add bullet-points in the marketing, regardless of the risk.
If you need such capabilities, you need to put more effort in creating better solutions.
Last edited:
Similar threads
Similar threads
Similar threads
-
5G Frequency issue on RT-AX86U after update 3004.388.8_2
- Started by TheOldGuy
- Replies: 2
-
RT-AX86U with latest version 3004.388.8_2 always crash and reboot
- Started by wuwentao
- Replies: 28
-
RT-AX86U 3004.388.8_2 . pet feeder app cannot connect to wifi why?
- Started by chrisloup
- Replies: 6
-
-
custom ddns update every minutes with AX86U 3004.388.7 firmeware
- Started by wuwentao
- Replies: 21
-
AX86U no longer boots if usb is connected after latest update 3004.388.7
- Started by zany130
- Replies: 3
-
Enabling SQM only on Asymmetrical Connection (1150/40) via AX86U Pro (3004.388.4)
- Started by tenturo
- Replies: 5
-
3004.388.6_2 media bridge mode (RT-AX86U but maybe others also) - port status missing
- Started by chris.at
- Replies: 8
-
-
Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2
- Started by RobD
- Replies: 13