"Around 50,000 ASUS routers have been compromised in a sophisticated attack..."

For some reason I find it surprising that 50,000 people thought it was a good idea to turn on remote access to their routers. You don't want to do that even with Opnsense or Unifi. Unifi's cloud management scares me too -- yet many businesses use it even though you'd think they would know better.
 
  • Like
Reactions: SouthernYankee, weigle2, Mike A. and 10 others
bp2008 said:
For some reason I find it surprising that 50,000 people thought it was a good idea to turn on remote access to their routers. You don't want to do that even with Opnsense or Unifi. Unifi's cloud management scares me too -- yet many businesses use it even though you'd think they would know better.
Click to expand...

I'm surprised it's not MORE than 50k....

The average homeowner has ZERO knowledge of what the different settings on their router really mean - especially when it comes to network security. Of course most people on this forum are not "average" or they wouldn't have found this site to begin with.
 
  • Like
Reactions: CCTVCam, sdkid, dabflyboy and 6 others
bp2008 said:
For some reason I find it surprising that 50,000 people thought it was a good idea to turn on remote access to their routers. You don't want to do that even with Opnsense or Unifi. Unifi's cloud management scares me too -- yet many businesses use it even though you'd think they would know better.
Click to expand...
My new Asus router that I installed a month ago, came with remote access off by default.
 
  • Like
Reactions: CCTVCam, Clark Griswald and c hris527
I have the AX-55. port forwarding and remote access off by Default.
Now If your a putz, and didn't change the default admin/ pwd settings, your vulnerable to anything.
This thing sat largely as a wifi repeater after i got the Verizon modem/switch.
Earlier this month we had Gateway Fiber connected. Now it's back in a big way.

Because the MyQ Garage door opener, and the Amcrest doorbell, and the Tapo c121, AND her Wyze garbage bedroom paranoia cam,
are all on the wifi network of the Asus SSID "106thAve", AND the LAN IP range of all the cameras and BI machine are all on 192.168.0.xxx,
deep breath...
It was too damn much hassle right now to take down the whole network to get to the Gateway Fiber's Router/switch LAN Ip range of 192.168.40.xxx
with it's limited access APP which allows very little management settings.
I havent gone deep on the Zyxel EX5512-TO yet via Lan. So I've got a Static IP from their modem to a Provided Zyxel router to an ASUS ax-55 at the moment and getting about 320 up and 318 down via LAN and 314down/246up on the mobile phone. the 246 Up congestion is probably because the TAPO and Wyze are multicasting feeds to a Chinese reality TV show probably called ( WhatdatHonkyDoingnow) servers in Hong Kong.
 
Last edited:
  • Haha
Reactions: johnfitz, looney2ns, bp2008 and 1 other person
It may be worth knowing which routers were affected. I copied the following from "The Register" (May 2025) which was linked in the first post of this thread.

"The specific models affected included the RT-AC3100, RT-AC3200, and RT-AX55. The latter remains one of the more popular Wi-Fi 6 routers to this day, and although the RT-AC3100 and RT-AC3200 are Wi-Fi 5-based, they were both widely used, high-end models when they launched around ten years ago."

At the bottom of the same write up from May 2025:

"It also reminded users that updates alone won't close off the SSH backdoor, so they should check for any signs of compromise.

If users think they may have been hit, or for those who aren't technical enough to check, it's factory-reset time."

From the Nov 2025 write up:
"The affected routers are primarily concentrated in Taiwan and Southeast Asia, with minimal impact on mainland China, Russia, or the United States."
 
  • Like
Reactions: The Automation Guy
The big problem with many routers / consumer cameras is they encourage port forwarding. You can never have network security when your camera tells you or even assists you in port forwarding to enable remote viewing. I've often thought that all routers should have a warning about using port forwarding built with a suggestion to set up a VPN instead. The issue here, is most ISP routers are cut down versions of the retail router and often don't have VPN built in. So it's kind of like asking Turkeys to vote for Christmas as you're asking the ISP to point out the failings of their supplied cut down router.

I asked my last ISP about it and they said they had no plans to supply routers with VPN's built in as they didn't see it as a feature most consumers wanted / understood / would find useful / use.
 
  • Like
Reactions: The Automation Guy and Flintstone61
CCTVCam said:
The big problem with many routers / consumer cameras is they encourage port forwarding. You can never have network security when your camera tells you or even assists you in port forwarding to enable remote viewing. I've often thought that all routers should have a warning about using port forwarding built with a suggestion to set up a VPN instead. The issue here, is most ISP routers are cut down versions of the retail router and often don't have VPN built in. So it's kind of like asking Turkeys to vote for Christmas as you're asking the ISP to point out the failings of their supplied cut down router.

I asked my last ISP about it and they said they had no plans to supply routers with VPN's built in as they didn't see it as a feature most consumers wanted / understood / would find useful / use.
Click to expand...
Also you have to blame NVR systems for not implementing VPN in their firmware, or the ability for someone to install VPN on their NVRs.
 
  • Like
Reactions: The Automation Guy
You must log in or register to reply here.
Top Bottom