Badeendje@lemmy.world
on 16 Jun 2024 14:14
That site… even the model list is an advertorial.
XT8 (ZenWiFi AX XT8)
XT8_V2 (ZenWiFi AX XT8 V2)
RT-AX88U
RT-AX58U
RT-AX57
RT-AC86U
RT-AC68U
TheRealKuni@lemmy.world
on 16 Jun 2024 23:14
So glad my RT-AC86U kept having serious issues with the 2.4 GHz radio such that nothing would stay connected to the internet without 5 GHz support so I eventually trashed the damn thing after every solution failed.
SmackemWittadic@lemmy.world
on 17 Jun 2024 14:25
Absolutely. Like why in the world would the article have a list of features included in each model of router?
sugar_in_your_tea@sh.itjust.works
on 18 Jun 2024 02:48
I honestly forget the model I have, but I know the capabilities. I’m guessing that’s why.
dktr@lemmy.world
on 16 Jun 2024 15:04
Curious to know if this affects the DD-WRT style firmware as well?
DemBoSain@midwest.social
on 16 Jun 2024 15:56
It’s really too bad I’m unable to update my firmware until I agree to let ASUS sell my data.
Sabata11792@ani.social
on 17 Jun 2024 00:10
Let us sell your data or we won’t fix this massive bug that’s also our fault.
bitchkat@lemmy.world
on 17 Jun 2024 00:59
Interestingly, I didn’t get any prompts. It did tell me to manually restart the router but once it did, no prompts. RT-AC68U running 3.0.0.4.386_51915
mox@lemmy.sdf.org
on 16 Jun 2024 16:48
Friendly reminder that OpenWrt exists, and is probably safer than the stock firmware in any consumer router.
From a quick look, I see that at least one of the affected models has official OpenWrt support: the RT-AC68U
avidamoeba@lemmy.ca
on 16 Jun 2024 17:27
Friendly reminder that OpenWrt supports Raspberry Pi and every Pi from 3 onwards makes for a great, inexpensive router. Adding WiFi can be done with any off-the-shelf WiFi router or access point, brand new or second hand. Since they aren’t exposed to the Internet, remote vulnerabilities are significantly mitigated.
Yup. I use a CM4 with a DFRobot router board running openwrt. Works great.
towerful@programming.dev
on 16 Jun 2024 23:34
I thought OpenWRT doesn’t support modems due to licencing issues.
So, I guess you would need a separate modem, or ISP router in bridge mode, or double NAT with OpenWRT being DMZ
Badeendje@lemmy.world
on 16 Jun 2024 23:52
I got fed up with trying to find the right firmware each time. It was too much of a hassle. Then small issues with the one I had… you need an earlier version… I love the idea, it was just a pain.
downhomechunk@midwest.social
on 17 Jun 2024 01:27
I can only get merlin on my rt-ax86u pro. Only aimesh for me!
If you are willing to spend a bit more upfront, I bought a mini PC in 2017 and installed OPNsense on it. It’s still rock solid. For wifi, I use a separate AP (a Ubiquiti UAP that I bought in 2015) and it is also going strong. Almost a decade of rock solid performance easily beats out any other router I’ve owned in terms of both performance and cost.
sugar_in_your_tea@sh.itjust.works
on 18 Jun 2024 02:51
Another friendly reminder, enterprise-grade routers like Mikrotik are fantastic. They don’t have wifi built in, so you may never need to upgrade it if you get fast enough uplink (mine is gigabit, so should be fine). You’ll need a separate AP (I got Ubiquiti). They’re way more feature complete than nonsense like these from ASUS, and they generally have more secure firmware.
Merlin has the problem that it doesn’t have something like aimesh where you can auto synch the config between all your routers. I’ve got a network of three Asus routers and they work great and I can admin them like they’re one router, and I’d hate to have to give that up.
bitchkat@lemmy.world
on 17 Jun 2024 00:04
Will that let you download at speeds greater than 160 mbps? The last time I tried Merlin, the ASUS router I had wouldn’t download at the full speed allowed by my internet connection.
hoshikarakitaridia@lemmy.world
on 16 Jun 2024 20:21
Yes vpn all the way.
I use remote access software for my PC and VPN is the only way I can be safe.
Professorozone@lemmy.world
on 16 Jun 2024 21:37
I heard that a while ago many VPN services were bought by the very people you use a VPN to protect against. How do you know which ones are safe?
Dultas@lemmy.world
on 16 Jun 2024 21:57
This would be self hosted so you can access your own internal network. Wireguard or OpenVPN are your best options there, personally I use wireguard/pivpn.
I believe they mean setting up a VPN on your network, rather than buying a service from a VPN provider.
Something like Wireguard lets you configure individual devices to access your network remotely.
sugar_in_your_tea@sh.itjust.works
on 18 Jun 2024 02:45
Yup, I did that last week and it’s pretty easy. Basically:
Set up a VPS and configure wireguard
Set up your computer to connect to it (or your router if you literally only want remote admin); you’ll probably want to configure persistent connections
Set up your phone to connect to it
Test it at work sometime to make sure it all works
I do it in two hops: connect to VPS then to internal computer. There are other configurations (e.g. talk to peer computers directly), but this works well for me.
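A WireGuard layout matching the VPS-hub setup described in the comment above, as an added example that is not part of the original comment. The 10.8.0.0/24 tunnel subnet, UDP port 51820, the documentation address 203.0.113.10 for the VPS and all key values are constructed placeholders.

```ini
# ---- VPS (hub): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = VPS_PRIVATE_KEY_PLACEHOLDER

# Home computer (or router): only its own tunnel address is accepted from it
[Peer]
PublicKey = HOME_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.2/32

# Phone
[Peer]
PublicKey = PHONE_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.3/32

# ---- Home computer: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = HOME_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = VPS_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.8.0.0/24
# The home side sits behind NAT and dials out; the keepalive holds the
# NAT mapping open so the VPS can still reach it when the link is idle.
PersistentKeepalive = 25

# ---- Phone: tunnel profile imported into the WireGuard app ----
[Interface]
Address = 10.8.0.3/32
PrivateKey = PHONE_PRIVATE_KEY_PLACEHOLDER

[Peer]
PublicKey = VPS_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.10:51820
# Phone reaches only the VPS through the tunnel (first hop); the second hop
# to 10.8.0.2 is made from the VPS itself.
AllowedIPs = 10.8.0.1/32
```

With this layout the only listening port exposed to the internet is UDP 51820 on the VPS. To let the phone reach the home peer directly instead of hopping, widen the phone's AllowedIPs to 10.8.0.0/24 and enable IP forwarding on the VPS.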
proton and mullvad are the privacy focused choices, but you are still just trusting a third party to pinky promise to keep no logs etc.
Caboose12000@lemmy.world
on 17 Jun 2024 04:31
The way to tell which ones are safe is to look up legal history for each company. When the home country of the company demands all the data they have, the companies are going to give all the data they have. So if a court order of a VPN yields nothing or almost nothing, then you know they really don’t save any logs.
As someone else mentioned already, proton and mullvad are the good ones in, but that can change if either company gets bought out or changes management etc
According to the CVE it looks like my XT8 is already updated beyond the affected version. It says through version 3.0.0.4.388_24609 and mine is version 3.0.0.4.388_24621.
I also noticed this vulnerability was posted on May 29th with the last update being June 13th. Seems like this is a report that’s already outdated.
Nah, those get their own, unique set of security issues, discovered or otherwise. Hint: every firmware does.
Anyone got a link to the vulnerability information? I’d like to try it out on my router just for fun.
Edit: found the CVE
cve.mitre.org/cgi-bin/cvename.cgi?name=2024-3080
Thanks for the reminder to switch to merlin firmware.
Why do you have three routers? Even if you’re doing complex routing, you should be able to do it on one device.
The other two are in AP mode and are not running as routers.
Why not just buy APs?
Our router doesn’t support it (it’s the V2 model)
Checked the gnuton builds?
I’m getting full speed (currently 290mbps on verizon 5g).
Never turn on remote admin. You don’t need to admin your router from outside of your house.
And if you absolutely do, set up a VPN.
PiVPN was discontinued, just a heads up. I switched to just plain wireguard when I heard the news.