ASUS GT-AX11000 firmware update problems.

[DownUnderMatty]

Hey Everyone,

 

I hope this was the right place to post this.

 

I went to update the firmware on my GT-AX11000 and the router couldn't connect to the ASUS server to update, so I downloaded the latest firmware and manually updated it through the router's web GUI. That all worked well until I went to log in to the web GUI again and got these messages (seen in supplied screen shots). I confirmed with ASUS on the phone that the firmware I downloaded was the latest one and made sure I downloaded it from the official ASUS website. I would like to know if this is something that can happen and why and am I now logging into the "proper" or "legit" web GUI and is everything still above board, security wise. Any help would be greatly appreciated.

 

Thank you!!

 

 

 

 

 

[Bombastinator]

Hmm seems the firmware flash went fine.  One wouldn’t expect a freshly reflashed thing to keep any data.  It’s probably the original default password rather than something you changed it to.  The certificate thing is unusual, but also reasonable.  Unless you’re looking at a man-in-the-middle attack, which I honestly doubt. You seem to be able to contact asus support just fine.  Maybe ask them.  

[LAwLz]

This is perfectly fine. Nothing to worry about. 

 

You will always get a certificate error when browsing to an IP using HTTPS like you are right now.

You used to browse with unencrypted HTTP, which is why your router now suggested you upgrade to HTTPS. 

[DownUnderMatty]

15 hours ago, LAwLz said:

This is perfectly fine. Nothing to worry about. 

 

You will always get a certificate error when browsing to an IP using HTTPS like you are right now.

You used to browse with unencrypted HTTP, which is why your router now suggested you upgrade to HTTPS. 

Thank you very much for the reply. Much appreciated!

[DownUnderMatty]

16 hours ago, Bombastinator said:

Hmm seems the firmware flash went fine.  One wouldn’t expect a freshly reflashed thing to keep any data.  It’s probably the original default password rather than something you changed it to.  The certificate thing is unusual, but also reasonable.  Unless you’re looking at a man-in-the-middle attack, which I honestly doubt. You seem to be able to contact asus support just fine.  Maybe ask them.  

Thank you very much for the reply.

 

When I spoke to ASUS support again, I couldn’t get a straight answer on why or how it was happening. So the tech said they’d send me an email so I could attach screen shots to it. I’ve done that but haven’t heard back from them yet.

 

Thank you for your help.

[LAwLz]

15 hours ago, DownUnderMatty said:

Thank you very much for the reply. Much appreciated!

No problem!

 

If you want more details then this is what is happening and why.

 

 

You navigated to your routers web GUI using HTTP at first. HTTP is considered unsafe because it is not encrypted, and it does not protect against a wide range of attacks. In general, this is fine for home use since the attacker has to be on the same network, but still, it's not really ideal.

So Asus recommends you navigate to the web GUI using HTTPS (this is what you saw in the first screenshot). That link that says "Click her to continue" most likely takes you to the HTTPS version.

 

 

HTTPS is encrypted, and considered safe. The "problem" is that HTTPS relies on certificates, and certificates generally rely on some other services to work properly (most of which costs money). For example when you browse to LinusTechTips.Com the website presents its certificate to your browser. Your browser then validates that the certificate is accurate.

 

The problem is that your router most likely does not have all the requirements to get a "proper" certificate. Not only would it most likely cost Asus a lot of money to get that set up, but it's not even sure it would work because of outside factors. So what Asus does is create their own certificate and put on the router, which the router then presents to you. Your browser does not recognize this certificate (since it's not a cert issued by one of the big cert issuers, called CA) and as a result you get the "CERT_AUTHORITY_INVALID" warning. 

 

The reason why Chrome considers this "not secure" is because Chrome has no way of knowing if the router you are logging into is actually the real router. Since it has never seen the certificate the router presents itself with, Chrome has no way of knowing if that certificate is real and accurate.

 

Think of it like this. Some random person walks up to you and hands you their ID card. But the "ID card" is one they had made themselves. The person says "my name is Bob Smith" and the ID card says "Name: Bob Smith".

 

You would have no way of knowing if the person standing in front of you was actually Bob Smith, because anyone could have made that ID card. It's not a valid ID card issued by the government.

Now, imagine if the government charged 200 dollars a year for an ID card. If they did that then it would make sense for people to have "home made ID cards", or possibly no ID card at all. Same deal here.

 

 

 

 

Hope that explained it a little bit better.