High-severity vulnerabilities affect a wide range of Asus router models(arstechnica.com)
arstechnica.com
High-severity vulnerabilities affect a wide range of Asus router models
https://arstechnica.com/security/2024/06/high-severity-vulnerabilities-affect-a-wide-range-of-asus-router-models/
26 comments
I highly recommend the Omnia Turris router. It has been rock solid since I purchased it last year, although on the more expensive side. Fully supported by OpenWRT, multiple miniPCIe slots for WiFi upgrade ability, and has two 1Gb ports connected to the CPU meaning one can be used for WAN and the other for LAN/switch. In other words full gigabit simultaneous upload + download
I remember getting burnt a while ago when attempting to flash a couple off-the-shelf routers with Tomato USB and then some other distro that I can't remember now. Both routers ended up getting bricked, with only one that I was able to flash again. I splurged last year and got a Protectli VP2420 that's been happily running every new release of OPNsense.
Is there a cheaper < $200 open source Wi-Fi alternative that I could recommend to friends and family? Not just OpenWRT, but preferably hardware and software that's developed more in tandem.
Is there a cheaper < $200 open source Wi-Fi alternative that I could recommend to friends and family? Not just OpenWRT, but preferably hardware and software that's developed more in tandem.
Would also like to know what to give to friends and family.
I used to use and recommend Ubiquiti but they seem to have gone down the drain last few years with dark UX, in-app promos and centralized cloud management with dubious security...
Recently had their Dream Router recommended, from someone supposedly knowing their stuff, though - anyone here for experience with it?
I used to use and recommend Ubiquiti but they seem to have gone down the drain last few years with dark UX, in-app promos and centralized cloud management with dubious security...
Recently had their Dream Router recommended, from someone supposedly knowing their stuff, though - anyone here for experience with it?
You should not have a router with WiFi. Wifi is a whole separate stack that does not integrate well and causes the device to perform poorly overall.
Always use a non wifi router and an access point with a good stack like ubiquiti. I don't know of any "open" devices because the stack is all black box anyways.
Always use a non wifi router and an access point with a good stack like ubiquiti. I don't know of any "open" devices because the stack is all black box anyways.
> Always use a non wifi router and an access point with a good stack like ubiquiti.
I use a Ubiquiti AP with my OPNsense router but this isn't a solution that majority of people I know will sign up for. I'm just hoping to get them to use a solution that will be secure, affordable, and supported for a few years. Currently they're all most likely using something all-in-one anyway.
I use a Ubiquiti AP with my OPNsense router but this isn't a solution that majority of people I know will sign up for. I'm just hoping to get them to use a solution that will be secure, affordable, and supported for a few years. Currently they're all most likely using something all-in-one anyway.
Nest is probably the most secure router (IIRC they had one 0-day in their entire history).
The firmware updates fixing these vulnerabilities all look to have shipped in March or April, so the disclosure seems reasonable.
It seems like RT-AC5300 is not affected, this time?
And it does seem like it's not supported by OpenWRT either?
And it does seem like it's not supported by OpenWRT either?
Thanks.
RT-AC5300 is End of Life, but there are other wireless routers that are also EOL mentioned in your link.
https://www.asus.com/event/network/EOL-product/
RT-AC5300 is End of Life, but there are other wireless routers that are also EOL mentioned in your link.
https://www.asus.com/event/network/EOL-product/
Seems like a bad time to own a router at the moment with all these vulnerabilities going around
fix them with: https://openwrt.org/
Of the affected models for CVE-2024-3080 and CVE-2024-3079, OpenWRT supports only the RT-AC68U.
None of the models affected by CVE-2024-3912 are supported by OpenWRT.
None of the models affected by CVE-2024-3912 are supported by OpenWRT.
Funnily, router vulnerabilities are what open the way to install OpenWRT.
Is there a reason that router manufacturers don't just ship some kind of open source software like this? Power users will prefer something like openwrt, and non power users won't care either way.
It seems like going closed/bespoke accomplishes absolutely nothing except opening the company up to these kinds of problems.
It seems like going closed/bespoke accomplishes absolutely nothing except opening the company up to these kinds of problems.
> Power users will prefer
Power users are the extremely small market.
Most people don't care, it should just work and OpenWRT doesn't have a (built-in) webui at all by default.[0]
If want to see a proper router webui for a prosumer router - look at ZyXel Keenetic, but take a note what they are honing it for more than a decade.
[0] at least as I understand it, didn't touch it for the deacde
Power users are the extremely small market.
Most people don't care, it should just work and OpenWRT doesn't have a (built-in) webui at all by default.[0]
If want to see a proper router webui for a prosumer router - look at ZyXel Keenetic, but take a note what they are honing it for more than a decade.
[0] at least as I understand it, didn't touch it for the deacde
They have a default web ui at least for the last 8 years.
Upgrading with non custom builds is a pain point as is removes the installed packages, which can lead to issues such as your remote router suddenly having no vpn connection.
That being said, I now prefer openwrt compatible routers as debugging and customization is soooo much easier.
Upgrading with non custom builds is a pain point as is removes the installed packages, which can lead to issues such as your remote router suddenly having no vpn connection.
That being said, I now prefer openwrt compatible routers as debugging and customization is soooo much easier.
> They have a default web ui at least for the last 8 years.
That's why I added that caveat - I didn't toouch it in a long time nor the quick suface search helped me
> That being said, I now prefer openwrt compatible routers
Well, if I would be in a market for a new one I would, of course, prefer one with such support, but I'm definetly in, at least, a prosumer market.
That's why I added that caveat - I didn't toouch it in a long time nor the quick suface search helped me
> That being said, I now prefer openwrt compatible routers
Well, if I would be in a market for a new one I would, of course, prefer one with such support, but I'm definetly in, at least, a prosumer market.
From Wikipedia:
>OpenWrt can be configured through either a command-line interface or a web interface called LuCI
It's been a long time since I used it myself, but I recall it having a web interface, and I didn't have to do anything special in the command line to set it up, it just had it.
From what I recall, it wasn't that different from the software that my router had before hand, other than that it had more features.
The quick start docs seem to support this:
https://openwrt.org/docs/guide-quick-start/walkthrough_login
>OpenWrt can be configured through either a command-line interface or a web interface called LuCI
It's been a long time since I used it myself, but I recall it having a web interface, and I didn't have to do anything special in the command line to set it up, it just had it.
From what I recall, it wasn't that different from the software that my router had before hand, other than that it had more features.
The quick start docs seem to support this:
https://openwrt.org/docs/guide-quick-start/walkthrough_login
- adding special (useless) features to make their product stand out
- private code means competitors can't read it and gain your "hard earned" knowledge
- "trade secrets"
- newer super fancy wireless tricks are presumably patented and require proprietary libraries / subscription fees etcQuite a few router OEMs do this these days. Its often a bespoke fork of openwrt so they can add their own features (OTA upgrades, web ui customization, etc), but still openwrt under the hood.
GL-inet does exactly that.
Except depending on model, you get to choose between being stuck on an ancient version with unpatched security vulnerabilities, or having not-properly-working drivers. I own 4 different models from them and currently don't use any of them due to inability to get builds stable or even working. I have poured through their patches and have very low confidence in security of their official firmware. There's some patches that would need backporting for hardware compat with upstream.
I would happily sponsor and help out with dev and infra for whomever sets out for a community upstream OpenWRT build for Glinet E750, FWIW.
I would happily sponsor and help out with dev and infra for whomever sets out for a community upstream OpenWRT build for Glinet E750, FWIW.
[deleted]
1: https://www.asuswrt-merlin.net