No one is attempting to access your home network.
No one is attempting to access your home network.
Hello, I noticed some strange problems with your Wi-Fi and connected devices. You experience drops on your phone and can’t connect to your home security cameras from within the network. It works when you switch off Wi-Fi and use mobile data instead. Recently, you enabled the AI protection feature on your 11-year-old router (RT-AC87U). I’m trying to understand what’s happening and how to fix it. Could you clarify what’s going on?
It seems someone is exploiting an outdated vulnerability on your device. CVE-2021-35384 enables remote code execution if someone gains sufficient access. I recommend disconnecting the device from the internet immediately or updating it right away. A high-severity RCE flaw (score 9.8) poses a serious risk, as many hackers target such weaknesses. You can learn more at https://nvd.nist.gov/vuln/detail/cve-2021-35394. It’s possible the attacker scanned your IP or checked specific sites to find weaknesses. They might be beginners—script kiddies often test these easily. If you want, I can help you check for additional RCE attempts on your IP or suggest router updates.
Determine the specific device by checking its network settings and system information. Ensure all connected devices are functioning properly without issues. If a command-line exploit is suspected, verify that PC updates are complete and consistent across all systems.
You removed the "destination" from your screenshot, which is probably an IP address on your network. ASUS routers usually display a list of connected clients with their IP addresses on a main page. If needed, choose each entry to view the details of the associated device.
It seems unlikely someone would attempt a remote code execution on a typical user device. Perhaps it's just a botnet testing vulnerabilities to see what happens. If you have an 11-year-old router, I’d recommend replacing it or checking for outdated software like Realtek Jungle SDK—uninstalling it if unnecessary or updating it if needed would likely fix the problem.
the source ip shown in your screenshot displays a standard apache homepage if you open it directly (DO NOT DO THIS) I think it could be a compromised address or a compromised system, though I’m guessing it might not be accurate. My understanding is limited.
The destination wasn't a local IP inside your network means the scan or attack aimed at the external IP provided by your ISP, which could be linked to your ASUS router (or not). You'd need to consult the manual or contact someone knowledgeable about ASUS protection. I use ASUS devices in AP mode and not in router mode, so I'm unsure. I also have a separate dedicated router with built-in intrusion prevention and detection.
acknowledge that false positives can occur sometimes. it’s possible your software is mistakenly flagging activity as an attack by your router’s firewall. this might happen with outdated systems that can’t be updated. consider blocking the offending IP if you notice repeated warnings about similar exploits from other public addresses.