Why sure, I would be happy to help you find literally the very first link in the article, which is in the third paragraph. Since you asked politely and all.
I read all that, I just didn't believe that the end result was that we were supposed to manually check every ASUS router in order to find the vulnerable ones. Seems like it should be limited to certain models/firmwares, or am I missing something still?
Just read dohpaz42’s comment. They literally copied and pasted for you the relevant text: How to check if you’re infected already, and how to protect yourself in the future (which means apply updates).
Probably because it’s not limited to one or two specific models. Read the article:
The only way for router users to determine whether their devices are infected is by checking the SSH settings in the configuration panel. Infected routers will show that the device can be logged into by SSH over port 53282 using a digital certificate with a truncated key of
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ…
To remove the backdoor, infected users should remove the key and the port setting.
People can also determine if they’ve been targeted if system logs indicate that they have been accessed through the IP addresses 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179, or 111.90.146[.]237. Users of any router brand should always ensure their devices receive security updates in a timely manner.
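The checks quoted in the comment above, written out in Python as an added example (not code from the thread, the article or GreyNoise). It assumes you paste in the SSH port and authorized-key text shown in the router's configuration panel and supply exported system-log lines; the function names and all sample data are constructed for illustration.

```python
import ipaddress
import re

# Indicators quoted in the thread (addresses refanged; the key is truncated on the page).
BACKDOOR_PORT = 53282
KEY_PREFIX = "AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"
BAD_IPS = {ipaddress.ip_address(a) for a in (
    "101.99.91.151", "101.99.94.173", "79.141.163.179", "111.90.146.237")}
# Dotted quad that is not part of a longer number or dotted string.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")

def check_ssh_settings(port, authorized_keys):
    """Return findings for the SSH port and key text copied from the admin panel."""
    findings = []
    if int(port) == BACKDOOR_PORT:
        findings.append("port")
    for line in authorized_keys.splitlines():
        fields = line.split()
        # Options may precede the key type, so locate "ssh-rsa" and test the next field.
        for kind, blob in zip(fields, fields[1:]):
            if kind == "ssh-rsa" and blob.startswith(KEY_PREFIX):
                findings.append("key")
    return findings

def scan_logs(lines):
    """Return (line_number, address) for every listed address found in the log lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for match in IPV4_RE.finditer(line):
            try:
                address = ipaddress.ip_address(match.group())
            except ValueError:  # e.g. 999.1.1.1 or octets with leading zeros
                continue
            if address in BAD_IPS:
                hits.append((number, str(address)))
    return hits

# Constructed sample input (not real router output).
SAMPLE_KEYS = ("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed admin@laptop\n"
               "ssh-rsa " + KEY_PREFIX + "constructedTail")
SAMPLE_LOG = [
    "May 28 03:12:44 dropbear[811]: Child connection from 192.168.1.20:50122",
    "May 28 03:14:02 dropbear[812]: Child connection from 79.141.163.179:41822",
    "May 28 03:15:10 kernel: DROP IN=eth0 SRC=1.101.99.91.151 (malformed, ignored)",
]

if __name__ == "__main__":
    print(check_ssh_settings(53282, SAMPLE_KEYS))
    print(scan_logs(SAMPLE_LOG))
```

A match on the port or key means the removal step quoted above applies; a log hit alone only shows that one of the listed addresses appears in the logs.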
…and this article doesn’t tell you which models or link to any resources that do? How is this helping?
From article: "Recommendations
This affects multiple FW versions and models.
The article does tell you how to check if you are infected, and how to remove the access.
It referenced this btw, which does have the details you’re looking for. Not sure if it updated.
https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
Probably because it’s not limited to one or two specific models. Read the article:
There’s your answer.
I like how you’re supposed to get updates from the same company that left the security holes open, or are actively monitoring them.