Archer AXE300 Firmware Alternatives
What options are out there with more frequent vulnerability updates. Took Tp-link over a year to release a new FW.
Does DD-WRT and others support this router? What are you using and any issues? B/c it is Broadcom chip I'm going to assume no but curious if someone figured it out.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I have installed DD-WRT on a Linksys router to gain some functionality before I got an Archer C8. DD-WRT worked fine but I do not recall any updates to it during the year or so I used it. I have since replaced the C8.
You have to ask yourself, which is better; open source firmware such as DD-WRT, vendor modified firmware such as Merlin on Asus routers, or the vendor's firmware.
They all have good and bad points. They are only as good as the persons that support them.
When I buy a router, I want one that covers all my network needs, is supported, and does not expose me to the outside internet. If a router requires that I have to sign on to a website somewhere in order to setup and maintain, I do not want it. It can be a option but not required.
DD-WRT and other open source products like Linux has been breeched in the past.
I prefer to use the vendor's firmware as long as it fits my needs. I think the vendor has more invested in keeping it current.
I think many router vendors have too many products which makes it harder for them to support all of the models and versions. Synology has very few routers, but they are not up to date with the latest tech and they are mainly a network storage company. I have no experience with Synology, but it is interesting to me.
What router works for me may not work for you.
- Copy Link
- Report Inappropriate Content
@ArcherC8 I simply asked a question if an alternative FW is available knowing the Broadcom limitation. I didn't ask for a open source distortation.
Since you went down this rabbit hole you realize Tp-Link is the subject of potential ban and has been found to leave open a backdoor for the CCP and other chinese hackers to exploit?
You complain about open source updates, the AXE300 didn't receive an update in over a year until just a few weeks ago. This mean all the vulnerabilities and backdoor left behind exposed every single customer with these routers and more.
If you don't like DD-WRT as you know there is other options and they are updated in a more frequent manner than the MFG. Most MFG don't provide upgrades on older models because they want you to continuously purchase new products like phone MFG. Not providing an upgrade on newer models like these is inexcusable by TP-link and the urgent need to hack the broadcom binary to reverse engineer it or just dump this router.
Agree with you that there is pros and cons, but to placate the open source over the vendor FW b/c they are more vested is fools gold. Read my statement above, the MFG doesn't care any more than those supporting open source projects. The folks who maintain the open source are far more vested than the MFG to keep an older model updated becasue the FW spans across multiple generations of processors so it impacts more than just a single router.
You mention Synology, they have a great storage solution which is updated regularly. Why you would buy a router from them is beyond me as that is not their niche. You don't go to a tire shop and buy an engine.
Sometimes the consumers need to wisen up.
- Copy Link
- Report Inappropriate Content
AXE16000_A wrote
@ArcherC8 I simply asked a question if an alternative FW is available knowing the Broadcom limitation. I didn't ask for a open source distortation.
Since you went down this rabbit hole you realize Tp-Link is the subject of potential ban and has been found to leave open a backdoor for the CCP and other chinese hackers to exploit?
You complain about open source updates, the AXE300 didn't receive an update in over a year until just a few weeks ago. This mean all the vulnerabilities and backdoor left behind exposed every single customer with these routers and more.
If you don't like DD-WRT as you know there is other options and they are updated in a more frequent manner than the MFG. Most MFG don't provide upgrades on older models because they want you to continuously purchase new products like phone MFG. Not providing an upgrade on newer models like these is inexcusable by TP-link and the urgent need to hack the broadcom binary to reverse engineer it or just dump this router.
Agree with you that there is pros and cons, but to placate the open source over the vendor FW b/c they are more vested is fools gold. Read my statement above, the MFG doesn't care any more than those supporting open source projects. The folks who maintain the open source are far more vested than the MFG to keep an older model updated becasue the FW spans across multiple generations of processors so it impacts more than just a single router.
You mention Synology, they have a great storage solution which is updated regularly. Why you would buy a router from them is beyond me as that is not their niche. You don't go to a tire shop and buy an engine.
Sometimes the consumers need to wisen up.
@AXE16000_A industry standard is 2 years of firmware updates for any router; the box even specifically states 2 years of support. . The AXE300 is 3 years old, meaning TP-Link was only required to provide 2 years of firmware updates.
Consumers are required by US law to make sure the routers they buy are still supported by the vendor, not the other way round.
- Copy Link
- Report Inappropriate Content
@Richardj186 You are correct similar to phones the support is limited to 1-3 year span for updates.
This is why open source is a better option as I mentioned the support for a common chip across multiple products lasts much longer than the 1-3 year period the MFG provides updates to keep up with security patching.
There is no "law" requiring consumers to buy a supported router. If you have a reference i would love to see that law, whether federal or state.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
That is pretty much most consumer routers these days and phones. However, third party FW and some MFG try to extend support by providing years of FW support. Netgear provides a good amount of updates for about 5 years before the completely drop support. The issue with TP-link is their updates are once a year if that.
- Copy Link
- Report Inappropriate Content
Open Source router firmware has it place where the product is enhanced or the support is extended. But at some point the support from Open Source is going to end. I doubt that my previous router an Archer C8 V1 is supported with the lastest security features any more by DD-WRT or anybody else. Maybe, if there is GPL code change (which TP Link uses), it may be recompiled.
Some may think DD-WRT is safer than the vendors formware. I know that there have been many security breaches in Open Source code including Linux. Linux is used in many Open Source code including in DD-WRT. Also if you google "dd-wrt security breach" you can see some of them.
As I have stated in a previous post, I am looking at OPNsense or PFsense as it is a security device that can be installed between the modem and router in bridge mode. There is a lot to learn. It is suppoerted by a large group and by companies, has been in use for many years, runs on many platforms, and is used by many companies to secure their networks. By using one, I would be less concerned with the lack of firmware releases from a vendor as the router gets to the end-of-life cycle. I like to get the most life out of my devices.
- Copy Link
- Report Inappropriate Content
There is no such thing as 100% safe regardless of who you use. The MFG are not incentivised to keep the FW going for extended periods of time because they want to sell you new hardware. That is a fact. Open source FW developers and hobbyists keep the routers secure longer b/c there is not monetary incentive, they simply do it because they want to and always have a longer support structure than the MFG.
Saying open source FW is not secure is no more true than a MFG that provides upgrades once a year like TP-Link.
I have a PFsense device I custom built and ran for a while. The problem with these packet inspection/FW appliances is the hit you take on the back end. So before jumping on to build or buying a COTS device which supports these open source applicantions, take into consideration the trade off. Having said that even PFSense and similar have vulnerabilities which are patched and updated, again by folks supporting Open source software, not some sleezy corportaion looking to maximize their profits by dropping support after 1-3 years
If you are that worried about security air gap your system, nothing is 100% fool proof and safe.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
It's like you stated already, find a solution which works best for your individual needs.
Cheers and Happy Holidays
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 162
Replies: 10
Voters 0
No one has voted for it yet.