What just happened? Last month Asus was absolutely hammered by the PC community after its unacceptable response to the ongoing Ryzen 7000 voltage issues. The company shot itself in the other foot earlier this week after introducing an error during a routine security maintenance procedure that unexpectedly took routers and users everywhere offline.
Asus router users began reporting connectivity issues on May 16th via Asus forums and other social media outlets, quickly establishing a failure pattern too common to be considered a coincidence. Despite user attempts to contact Asus for support, the hardware manufacturer remained silent and provided no statement or guidance for the next 48 hours. Asus finally acknowledged the issue on May 19th, publishing a product security advisory outlining the connectivity issue. Asus claims a configuration file update during "routine security maintenance" introduced the error.
A Redditor, TheDeviceMangler, offered a hypothesis regarding the issue's root cause. According to TheDeviceMangler's findings, Asus pushed a corrupted definition (/jffs/asd/chknvram20230516) for a built-in security daemon used in many of its routers. Deployed routers automatically updated and fetched this corrupted definition file, resulting in file system memory and crashing issues.
While Asus has not officially confirmed it, multiple affected users believe the file directly relates to the company's AIProtection suite. The suite blocks access to questionable websites, protecting users from spyware, malware, and other unwanted applications while preventing potential distributed denial of service (DDOS) attacks and other security incidents. The tool can also communicate incidents and status back to its users.
The faulty configuration file has since been removed from the company's servers and should not cause further customer connectivity issues. According to the Asus security advisory, affected users should take the following steps:
- Manually reboot your router.
- If rebooting does not resolve the issue, please save the settings file, perform a hard reset (factory default), and then re-upload the settings file (follow the directions in the https://www.asus.com/support/FAQ/1050464 )
- If you cannot access the user interface to save settings or perform a reset, you can press the RESET button for about 5-10 seconds until the power LED indicator on the router starts to blink, which means the reset is completed. https://www.asus.com/support/FAQ/1000925/#m2
Asus did apologize to users, stating, "We deeply apologize for any inconvenience this incident may have caused and are committed to preventing such an incident from happening again." But much like its previous attempts to diffuse a problematic hardware-related situation, its communication with customers came a little too late.
https://www.techspot.com/news/98765-asus-apologizes-after-bad-server-update-causes-widespread.html
