
Was my router's username and password hacked?

If you care about your router's safety PLEASE DO NOT open WAN port for the remote access (...)
Wise words.
And it applies to all the ASUS/Merlin/other forks, not only to the ASUS routers (for example customized R7000). They are all hackable.
I'm sure that applies to every consumer grade router out there and not just a particular firmware version or make or model.
 
even the newest Merlin fw is exposed to the exploit, also the stock firmware.
Do you have any supporting evidence to back up that claim? The specific exploit that is the subject of this thread appears to have been fixed by the patch at the beginning of last year (that's not to say there aren't others).
 
even the newest Merlin fw is exposed to the exploit, also the stock firmware
Just curious, are you referring to a specific vulnerability or just giving a common idea?
 
One thing I've noticed with the ASUS router app is that when you first run it and it detects your router - after you log in, it enables remote access to the router itself. Also, turning that option off in the app DOES NOT turn it off on your router; you have to go into the GUI and manually disable it again, after you disable it in the app.

*** and yes, this happens on the latest stock firmware from ASUS! Once the app starts controlling the router, it automatically enables access, and as above, you have to turn it off manually on the app and the router itself.
 
I have not found this to be true.

You have to enable Remote connection in the app, as it will prompt you; it doesn't do it automatically.

If you do enable it then yes you are going to be opening up yourself to attacks.
 
30 minutes ago... AC56U with 389.6 firmware.

SSH was NOT accessible on WAN
HTTPS web interface WAS accessible from WAN but on 8443 port.

Short timeline:
@ 8.00am tried the Android Asus router app. I've entered the credentials but I was unable to log on. I was about to leave for work so I didn't spend time on this.
@ 14:00 I've connected on SSH using OVPN in order to install an update of FreshJR QOS. Everything was fine.
@ 14:15 I've applied a static IP on my PS4 using device list. For some reason, doing this is resetting a lot of services and the router is reconnecting from the internet.
@ 14.20 dynamic IP was updated, router was back online, connected to OVPN and tried to SSH. Access Denied! Web login, Access Denied!

I don't have physical access to the router right now to power-cycle the router, but I've done this many times without any issue. The ONLY difference is that today I've installed the Android ASUS ROUTER APP.

So PWNED or SSH glitch?

 
HTTPS web interface WAS accessible from WAN but on 8443 port
If you were hacked it was likely this that caused it. WAN access to webui is STRONGLY advised against, as per @RMerlin
 
Using "admin" as user id and an exposed webui to WAN is another bad idea. You should use something else as login.
 
If you have access through OpenVPN, why use the Android app? I’m sure it looks snazzy, but can you be totally sure of its security? I wouldn’t even use the Asus router app on an Apple device.
 
My money would be on glitch. I wouldn't have immediately jumped on the forums but waited until I could get home to access it locally to do some diagnosis.

I'll see in a few hours. I'm very curious!

P.S. Jumped on the forums just to post my experience and post an alert that a potential attack is currently in progress.
 
In Merlin’s own words:

“Personally however, I do not recommend opening even HTTPS to the WAN. Asuswrt's web server is poorly secured, and has had numerous security issues over the years. Best to limit it to LAN only, and use a VPN to remotely access it.”

https://www.snbforums.com/threads/e...wan-but-keep-http-from-lan.42521/#post-361843

This guy is probably right :) Although I've changed the HTTPS to a non-common port, giving me less chance of being hacked. But in any case, I totally agree.
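
A settings audit for the exposure discussed in this thread (web UI reachable from WAN, SSH reachable from WAN, "admin" as the login), added here as an example and not posted by any thread participant or taken from the ASUS or Merlin projects. The key names `misc_http_x`, `misc_httpsport_x`, `sshd_enable` and `http_username`, and the meaning of their values, are assumptions based on Asuswrt-Merlin builds; the sample dump is constructed.

```shell
#!/bin/sh
# Audit a "key=value" settings dump (e.g. the output of `nvram show`)
# for admin services reachable from the WAN side.
# ASSUMPTION: key names and value meanings below match your firmware;
# confirm them against your own dump before relying on the result.

# Constructed sample matching the state described in the thread:
# HTTPS web UI open to WAN on 8443, SSH not on WAN, login "admin".
SAMPLE_DUMP='http_username=admin
misc_http_x=1
misc_httpsport_x=8443
sshd_enable=2'

# get_key <dump> <key>: print the value of the first matching key, if any.
get_key() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1
}

# audit_remote_access <dump>: print one finding per line.
# Returns 0 when nothing is exposed, 1 when at least one finding exists.
audit_remote_access() {
    dump=$1
    findings=""
    # Assumed: misc_http_x=1 means "web access from WAN" is enabled.
    if [ "$(get_key "$dump" misc_http_x)" = "1" ]; then
        port=$(get_key "$dump" misc_httpsport_x)
        findings="${findings}WEBUI_WAN_EXPOSED port=${port:-unknown}
"
    fi
    # Assumed: sshd_enable 0=off, 1=LAN+WAN, 2=LAN only.
    if [ "$(get_key "$dump" sshd_enable)" = "1" ]; then
        findings="${findings}SSH_WAN_EXPOSED
"
    fi
    # A well-known login name makes password guessing easier.
    if [ "$(get_key "$dump" http_username)" = "admin" ]; then
        findings="${findings}DEFAULT_ADMIN_USERNAME
"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Show the findings for the constructed sample.
audit_remote_access "$SAMPLE_DUMP" || true
# On the router itself: audit_remote_access "$(nvram show 2>/dev/null)"
```

Moving the web UI to a non-default port does not clear the `WEBUI_WAN_EXPOSED` finding; only turning WAN access off does.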
 
