What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

intechtel

New Around Here
Hello!
Starting late last night we started seeing people with Asus routers, the AC87 in particular, having issues connecting to the Internet almost as if it was a DNS issue, but not. Seems to be affecting this model regardless of the ISP the user has, the DNS used, and even on routers running Merlin firmware VS OEM.

You cant access the GUI from the standard 8080 port, but can access via the secure port. After getting in the routers are very slow to respond, and kick you out when attempting to make changes. Also, the router puts you in to the setup wizard when you do get in. Skipping this brings you to the main page with no settings changed or missing from before.

Is anyone else seeing this? As of this writing, I have six folks with this issue.
 
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware that isn't the most recent.
 
Last edited:
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware the isn't the most recent.

And even the latest can potentially be hacked. I was notified of yet another vulnerability this week that isn't patched yet (I had the info forwarded upstream to Asus). I don't know if it's exploitable, but it can definitely be used to crash the web server.
 
It appears that all eight of the folks that have the AC87s that we manage are affected. Have received a few calls from others about this as well, and they all seem to have the AC87. Perhaps some sort of ASIC exploit?

I went and factory reset one of them, it worked for a bit, and then crashed. Was going to try and flash the latest Merlin release to it, but after initial setup, the web interface was inaccessible.
 
Six people out of how many?

Do these routers have the admin interface accessible from the WAN? :eek: There's been recent reports of Asus routers being hacked via this route when using firmware that isn't the most recent.

This is likely off topic but... Google Search gave me a link the other day that put me into the GUI of what appeared to be an open/unconfigured RT-AC5300. That sort of freaked me out... I exited quickly! :eek:

OE
 
Hello!
Starting late last night we started seeing people with Asus routers, the AC87 in particular, having issues connecting to the Internet almost as if it was a DNS issue, but not. Seems to be affecting this model regardless of the ISP the user has, the DNS used, and even on routers running Merlin firmware VS OEM.

You cant access the GUI from the standard 8080 port, but can access via the secure port. After getting in the routers are very slow to respond, and kick you out when attempting to make changes. Also, the router puts you in to the setup wizard when you do get in. Skipping this brings you to the main page with no settings changed or missing from before.

Is anyone else seeing this? As of this writing, I have six folks with this issue.

Been seeing this issue for more than a month across different models and different firmware versions. Reported the issue here:
https://www.snbforums.com/threads/n...ed-by-quick-internet-setup.44719/#post-383293
but never got any traction. I initially thought it was triggered by power disruption, but saw it again last night across multiple routers. I do think Comcast had issues in our area last night, so the issue may also be triggered by temporary loss of WAN connectivity?

Reported directly to Asus tech support a few weeks back... sent them logs and router config backup from one of the affected devices running stock firmware. Their only suggestion was to update firmware to 384. I have not (yet) seen the issue on any device that's been updated to 384.3 or later (have not tested 384 Asus stock firmware), but based on last night's issues, would have expected a 384-configured device to have experienced the issue if it was still affected. Would certainly be nice to understand what's happening... doesn't seem like a problem that should require an update to 384 firmware to resolve, but not sure what setting(s) to try changing at this point.
 
I think I've found it here. It's hosted in Amazon's us-west-2 region. I think both URL's are pointing to the same site actually.

Yeah, that could be it... it was of aws.

OE
 
I experience the same issues as the original poster. RT-AC66U running at my office and RT-AC87U at home both went down today. Both of them running Merlin 380.68. I've got a third at my country house which I suddenly can't access the GUI of. However, I can access units behind the router from the outside. All my routers has WAN access on port 8443. Once I added a password in the wizard everything restored to normal operation, including all setting. Took extra care in checking the url to prevent phishing.

Any ideas on whats going on?
 
All my routers has WAN access on port 8443.

Not only is the httpd server known not to be secure, but you're also running an old version which contains a number of well-known security issues.
 
380.68_2:

Code:
  - FIXED: CVE-2017-12754 security issue.

380.69_2:

Code:
- FIXED: CVE-2018-5999 in httpd (backport from 384_10007)
- FIXED: CVE-2018-5721 in httpd (Merlin & theMIROn)
 
Again, this might be off topic but...

So, I upgraded my 2x68U AiMesh to a 2x86U AiMesh today. Then launched ASUS Router app on Android at the node... it was looking for the previous 68U AiMesh and I couldn't find a way to reset the app to the new network. So, I uninstalled and re-installed the app. It asked for router credentials and then proceeded to find my new AiMesh.

I immediately noticed an ASUS DDNS and WAN remote access were automatically configured by the app... it did not do this before! So I went to the router GUI and disabled the DDNS client and WAN remote access. I must have fudged the WAN remote access HTTP/HTTPS/port settings because the next thing I know I'm at the GUI login and can't login.

To save time!, I reset and re-configured and un-installed the damn app... it and the touch interface are too dangerous, imo. Why in the heck is it automatically setting up DDNS and remote access to the router...

OE
 
Again, this might be off topic but...

So, I upgraded my 2x68U AiMesh to a 2x86U AiMesh today. Then launched ASUS Router app on Android at the node... it was looking for the previous 68U AiMesh and I couldn't find a way to reset the app to the new network. So, I uninstalled and re-installed the app. It asked for router credentials and then proceeded to find my new AiMesh.

I immediately noticed an ASUS DDNS and WAN remote access were automatically configured by the app... it did not do this before! So I went to the router GUI and disabled the DDNS client and WAN remote access. I must have fudged the WAN remote access HTTP/HTTPS/port settings because the next thing I know I'm at the GUI login and can't login.

To save time!, I reset and re-configured and un-installed the damn app... it and the touch interface are too dangerous, imo. Why in the heck is it automatically setting up DDNS and remote access to the router...

OE

The asus app itself enables the remote access and https+http upon setting up a new connection to router with it everytime. To confirm you can uninstall/reinstall the app and connect again. It will be back
 
All my routers has WAN access on port 8443.
Any ideas on whats going on?

Why not disable and setup a vpn server on you're router? so much secure. Not criticising just a suggestion, you probably have you're reasons.

I couldn't sleep at night if i had WAN access enabled :eek: lol
 
The asus app itself enables the remote access and https+http upon setting up a new connection to router with it everytime. To confirm you can uninstall/reinstall the app and connect again. It will be back

Yep, I discovered that with the current app and 2x86U AiMesh. But, this did not happen with the previous 2x68U AiMesh... I'm absolutely sure of this because I've been reviewing AiMesh security regularly during this trial.

ASUS: No app should be automatically and secretly enabling remote access to a private network. Absolutely unacceptable.

OE
 
  • Like
Reactions: hfm
This is the response that I received from the ASUS security team:

Hi,

Please reboot RT-AC87U, disable the access from wan and download the general log and send back to us for analysis.

We also need the following information: (1) firmware version (2) AiProtection enable or disable

After download the log, please reset your RT-AC87U and change the login password.
 
Yep, I discovered that with the current app and 2x86U AiMesh. But, this did not happen with the previous 2x68U AiMesh... I'm absolutely sure of this because I've been reviewing AiMesh security regularly during this trial.

ASUS: No app should be automatically and secretly enabling remote access to a private network. Absolutely unacceptable.

OE

Agreed but alas they have just corrected that very thing today and updated the app yay!
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top