RT-AX88U maxing out a core and regularly showing 60+ MB/s upload

[bluzfanmr1]

Thread 'ASUS RT-BE86U Firmware version 3.0.0.6.102_37022'
https://www.snbforums.com/threads/asus-rt-be86u-firmware-version-3-0-0-6-102_37022.92289/

“2.Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.”

Seems that AiCloud could be the problem child.

Does this apply even when disabled? I have never used it nor enabled it.

 

[bluzfanmr1]

My spikes today weren't a glitch. I check my isp app and it displays the amount of GB's used and see big jumps!!
Changed my password again, even stronger, rebooted and switched off ddns again.
Will rely on twingate for access (hoping this is still secure)

Unfortunately I have Spectrum Internet and it's unlimited, so they provide no data to the customer. I imagine if this is actually happening and continues, I will hear from them.

 

[ColinTaylor]

I have smart access enabled only.
Should I disable this?

Yes.

 

[Paliv]

Does this apply even when disabled? I have never used it nor enabled it.

I have no idea. I’ve never used it either. It’s been a problem since I first started using ASUS routers.

 

[jd24]

I have a new router omada ER7206 coming today. Until this is fixed on my asus I can't be dealing with this issue wile trying to work from home remoting from one continent to another through azure vpn/ rdp.
Been thinkng of going omada for a while, will install the controller as a container on my unraid. (of course unless I have an infected device on my lan and the same happens! Fingers crossed the tplink will at least allow me to continue without this current issues until we know for sure what it is)

 

[dave14305]

Aren’t these AiCloud services disabled by default in Merlin? Are people intentionally enabling them or is this a chained exploit using some other method to get into the router and enable the AiCloud services?

We still have no idea if it’s really AiCloud’s fault, but it’s been present on all the devices confirmed to have the sshd “infection”. Guilty until proven innocent?

 

[jd24]

Once I get my omada set up tonight, I'll swap them over and totally wipe the RT-AX86U. Then probably use it as non-dhcp, wifi only AP with the other RT-AC86U I have as a mesh node.

 

[Tech9]

Once I get my omada set up tonight

By the way, if you are going to use Omada SDN and not stand alone GUI - Omada doesn't require local hardware/software controller anymore. There is a new Omada Cloud-Based Controller option with free account. Somewhat limited in features, but can save $100 in hardware.

Omada Cloud-Based Controller

With the Omada Cloud-Based Controller entirely in the cloud, Omada Cloud SDN offers zero-touch provisioning for efficient and affordable deployment and provides centralized management of the network, including access points, switches, and routers.

www.tp-link.com

 

[jd24]

By the way, if you are going to use Omada SDN and not stand alone GUI - Omada doesn't require local hardware/software controller anymore. There is a new Omada Cloud-Based Controller option with free account. Somewhat limited in features, but can save $100 in hardware.

Omada Cloud-Based Controller

With the Omada Cloud-Based Controller entirely in the cloud, Omada Cloud SDN offers zero-touch provisioning for efficient and affordable deployment and provides centralized management of the network, including access points, switches, and routers.

www.tp-link.com

Unraid have the omada controller as an app - will give that a go first, good reviews.
But thanks for the alternative option. Prefer to have it local

 

[Rewonka]

I found this:

ASUS fixed critical remote authentication bypass bug in several routers

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models.

securityaffairs.com

 

[jd24]

I found this:

ASUS fixed critical remote authentication bypass bug in several routers

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models.

securityaffairs.com

Date: June 16, 2024
But it's Oct and we've only seen these issues now?

Now all of us on merlin, roll back to stock with this patch update? Or are merlin going to release a new version?
Anyways my omada ER7206 is arriving tonight. We'll give that a run for its money to see if I like the ecosystem.

 

[Ripshod]

Perhaps we can look forward to a patched 3004 merlin drop soon. But, as things are shaping up, we'd only be vulnerable if we leave the door open by exposing services on the router anyway.

 

[ColinTaylor]

Date: June 16, 2024
But it's Oct and we've only seen these issues now?

That's the date of the disclosure. Asus had already issued patched firmware in March and April.

This was already discussed at the time: https://www.snbforums.com/threads/i...us-using-merlin-firmware-cve-2024-3080.90598/

 

[firecracker]

Aren’t these AiCloud services disabled by default in Merlin? Are people intentionally enabling them or is this a chained exploit using some other method to get into the router and enable the AiCloud services?

We still have no idea if it’s really AiCloud’s fault, but it’s been present on all the devices confirmed to have the sshd “infection”. Guilty until proven innocent?

I'm running stock ASUS firmware, not Merlin. Yes, it's enabled by default.

 

[firecracker]

I found this:

ASUS fixed critical remote authentication bypass bug in several routers

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models.

securityaffairs.com

This is from June and I was already running that firmware.

 

[arturk]

Aren’t these AiCloud services disabled by default in Merlin? Are people intentionally enabling them or is this a chained exploit using some other method to get into the router and enable the AiCloud services?

Interesting theory. I honestly cannot remember turning them on myself. I have them disabled and so far so good. But it has been only 2 days so far.

 

[fruitcornbread]

Thread 'ASUS RT-BE86U Firmware version 3.0.0.6.102_37022'
https://www.snbforums.com/threads/asus-rt-be86u-firmware-version-3-0-0-6-102_37022.92289/

“2.Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.”

Seems that AiCloud could be the problem child.

The RT-AX5400 firmware version 3.0.0.4.388_25119 had a very similar changelog for security too.

Release - ASUS RT-AX5400 Firmware version 3.0.0.4.388_25119 (2024/10/16)

Version 3.0.0.4.388_25119 48.25 MB 2024/10/16 1. Strengthened system code execution processes. 2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts. 3. Refined input validation in the web interface, ensuring a more secure web interaction...

www.snbforums.com

RT-AX57 Go recent firmware made a mention about fixing AiCloud vulnerabilities too.

Version 3.0.0.6.102_55783 (2024/10/15)
Security:
Update SAE-H2E for security.
Update privacy policy.
Fixed OpenVPN vulnerabilities.
Fixed Security command injection.
Fixed AiCloud vulnerabilities.

Feature:
Add Home/Travel mode for multi-function button, you can swap different modes with customized settings with the physical button.
Fixed AiCloud related issues.

RT-AX57 Go｜WiFi Routers｜ASUS Global

Discover RT-AX57 Go: a portable AX3000 WiFi 6 router with cutting-edge MU-MIMO & OFDMA tech, VPN support, AiProtection, & AiMesh for ultimate connectivity.

www.asus.com

 

[ColinTaylor]

I'm running stock ASUS firmware, not Merlin. Yes, it's enabled by default.

Not according to the official Asus documentation.

 

[firecracker]

Not according to the official Asus documentation.

Good that they changed it. Ever since I've been using ASUS routers that feature was enabled when I first set them up.

 

[ColinTaylor]

Good that they changed it. Ever since I've been using ASUS routers that feature was enabled when I first set them up.

It defaulted to disabled on my RT-AC68U and RT-AX86U when got them in 2014 and 2021.