Serious Discussion Those of you running Asus Merlin Firmware on your router please check if you can log into your router.

cartaphilus

Mar 17, 2023
I came across something very weird at one of my Asus routers. I have been running Merlin Firmware (not the latest, but only a few months old); so yesterday I tried logging into the router but it would not accept my username or password. It kept saying wrong credentials. Thus, I performed a factory reset both via RESET PIN and via WPS button. After the reset I added a new username and password; however, after the router reboot I was once again faced with wrong username and password. I performed the reset multiple times and each time I was able to initially configure a new username and password, but upon router reboot the router would not accept it.

In the end I was forced to use the Asus Router Recovery software and conduct a full system reflash; this solved the issue. Kind of strange, don't you think?
 
Use this tool to test your new configuration; it will assist in identifying any vulnerabilities.
Oh my God. Gibson?!??! I haven't seen that site in probably a decade. And it looks the same as it looked back in 1998 or whereabouts. I used to have a Spinrite 5 lic. Wow, so many memories. Thank you for that.

Note to those wanting to conduct the scan: make sure to disable IDS on the TrendMicro side of Asus, else you will get a possible false negative, as IDS will detect a port scan and block the event.
 
If you think you've been hacked you probably have, if you think you haven't you most likely have and don't know it.
Yep, the most successful hack is the one you don't know about. A hack is like cancer; the worst ones are the ones that only show symptoms at stage IV, and by that time it's already too late.
 
It does sound too weird to just dismiss it, to be honest. You said "one of my Asus routers"; do you have more on your system?
I manage my parents' and my sister's network along with a few locations I frequent around this little blue dot.

And yes, I found it very suspicious. I took the router apart to see if physical changes had been made, and nope. So it's only software. It might have been nothing, maybe a corrupted NVRAM partition, but after a WPS NVRAM deep wipe method failed I decided to download the latest Asus firmware and not a modded one. Then I staged the Asus into rescue mode and did the hardwired firmware wipe and reflash.

After that was done the router worked as intended.

However, I did place it in series with a sniffer to see if the router was attempting to phone home somewhere. Monitored it for 24hrs and nothing unusual. So I think I am in the clear.

Lesson learned: I won't be using a 3rd-party modded firmware any longer. I was being too trusting and naive.
 