WARNING: ASUS router backdoor persists after firmware update

✨ Quic broadband | Samsung | AliExpress | Wise | Sharesies | GoodSync | Free white papers

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › WARNING: ASUS router backdoor persists after firmware update

freitasm

BDFL - Memuneh
79333 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#319763 30-May-2025 09:57

Send private message

From ASUS router backdoors affect 9K devices, persist after firmware updates:

The backdoor campaign targets multiple ASUS router models, with GreyNoise initially detecting attack attempts against their emulated ASUS RT-AC3200 and RT-AC3100 firmware profiles, both with “out-of-the-box” configuration settings.

The backdoor configuration in these attacks is stored in non-volatile random access memory (NVRAM) rather than the disk, making it resistant to removal via reboots or firmware upgrades.

“If a router was compromised before updating, the backdoor will still be present unless SSH access is explicitly reviewed and removed,” GreyNoise stated.

GreyNoise recommends users perform a full factory reset and manual reconfiguration on any device suspected to be compromised. Users can check if their device was compromised by checking for SSH access on TCP/53282 and for unauthorized entries in the authorized_keys file.

Details and workarounds (including how to identify if compromised and how to remove the backdoor): GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

Not a high risk of automated attacks, but seeing there are quite a few ASUS routers in New Zealand, I recommend you check if the backdoor is present on your device using instructions on that page, update to the latest firmware and factory reset it to ensure the backdoor is gone.

Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync

News and reviews »

Motorola Announces Partnership with One NZ and New Phone Lineup
Posted 12-Aug-2025 07:00

Samsung Galaxy Z Fold7 ReviewÂ
Posted 11-Aug-2025 16:11

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds: Main feed; Forums feed
Copyright: ©2002-2025 Geekzone®

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Affiliate links: Samsung; AliExpress; Wise; Sharesies; GoodSync

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright