According to the CVE it looks like my XT8 is already updated beyond the affected version. It says through version 3.0.0.4.388_24609 and mine is version 3.0.0.4.388_24621.
I also noticed this vulnerability was posted on May 29th with the last update being June 13th. Seems like this a report that’s already outdated.
Curious to know if this affects the DD-WRT style firmware as well?
That site… even the model list is an advertorial.
- XT8 (ZenWiFi AX XT8)
- XT8_V2 (ZenWiFi AX XT8 V2)
- RT-AX88U
- RT-AX58U
- RT-AX57
- RT-AC86U
- RT-AC68U
Absolutely. Like why in the world would the article have a list of features included in each model of router?
Anyone got a link to the vulnerability information? I’d like to try it out on my router just for fun.
It’s really too bad I’m unable to update my firmware until I agree to let ASUS sell my data.
Interestingly, I didn’t get any prompts. It did tell me to manually restart the router but once it did, no prompts. RT-AC68U running 3.0.0.4.386_51915
Friendly reminder that OpenWrt exists, and is probably safer than the stock firmware in any consumer router.
From a quick look, I see that at least one of the affected models has official OpenWrt support: the RT-AC68U
Friendly reminder that OpenWrt supports Raspberry Pi and every Pi from 3 onwards makes for a great, inexpensive router. Adding WiFi can be done with any off-the-shelf WiFi router or access point, brand new or second hand. Since they aren’t exposed to the Internet, remote vulnerabilities are significantly mitigated.
Yup. I use a CM4 with a DFRobot router board running openwrt. Works great.
I thought OpenWRT doesn’t support modems due to licencing issues.
So, I guess you would need a separate modem, or ISP router in bridge mode, or double NAT with OpenWRT being DMZI can only get merlin on my rt-ax86u pro. Only aimesh for me!
I got fed up with trying to find the right firmware each time. It was too much of a hassle. Then small issues with the one I had… you need an earlier version… I love the idea, it was just a pain.
Thanks for the reminder to switch to merlin firmware.
Will that let you download speeds greater than 160 mbps? The last time I tried Merlin, the ASUS router I had wouldn’t download at full speed allowed by my internet connection?
I’m getting full speed (currently 290mbps on verizon 5g).
Never turn on remote admin. You don’t need to admin your router from outside of your house.
