"However, if you're running the third party Asuswrt-Merlin firmware, you're apparently safe, as the author of the third party firmware has already patched all the known security issues that ASUS has announced patches for."
third party does asus own work, i used to havea asus router and merlin firmware was pretty good, its similar to stock but has alot of good fixes and other updates
Yeah, Merlin is for-sure a major hero wrt (no pun intended) this scene. IMO, it is the number one reason to buy any consumer router. The fact they often work on/constantly update software (beyond Asus) leveraging what is often the best (performance/feature-wise) platform is somewhere between a convenient coincidence and necessity. He is the flip-side to the coin that is the Asus hardware team, unlike the software team (as we've seen in many instances: from mobos, to routers, to the Ally, fumble the ball or do heavy-handed/non-optimized stuff leading to problems). Asus has always appeared to me to be a company that does things through brute force and kitchen-sink approach rather than tactically (something I use to also associate with MSI), and he is the missing piece that completes the package in this particular category.
Think of him similar to a guy that would've preemptively made a home-brew bios to optimize chipset voltage/LLC to optimally/efficiently make use of their high-end motherboard hardware, rather than just cranking it up to 'win' and potentially blowing it up. Asus is a sledgehammer and this guy is a scalpel. More aptly, Asus makes a sports car pushed to it's stock limit with a bloated feature-set of software. Merlin is the nimble tuner/optimizer/plug-in version update guy which will make that car better/more reliable, but also will also back-port the software performance/optimization/features to your older soccer-mom car with the same or similarly-applicable engine. Or something like that. I don't know: I'm a nerd, not a car guy. You get what I mean, hopefully. Good hardware needs not just good, but well-managed software. Asus is robust in every way, but inefficient. He makes the best better, and doesn't make the mistakes/choices (for market/planned-obsolescence/support cost reasons) the actual OEM does.
I don't know how closely you or anyone else follows it, but I seem to recall him doing all kinds of work to manage plug-in/feature updates within the main memory and nvram/eeprom, and has even expounded upon potential problems/inefficiencies he's fixed in the past (some of which did not become a big
public deal for 'stock' users). My understanding is where-as most stock/open firmware keeps old configurations/settings (it's essentially additive), he routinely goes through the whole damn thing to keep everything tidy; add features (to old/other hardware) where possible and up-to-date (beyond what Asus does/can do in a timely manner) while avoiding potential buffer overflow problems at all cost.
I didn't realize how much of an issue these things potentially could be until I heard of others using stock/other firmware having reliability issues they didn't understand; it turns out running out of nvram post-updates. There was also Asus own recent very-public back-end blunder wrt how their routers handle security re: memory management that took down damn near everything. It proved not only what he was doing is 'optimal', but correct, and needed, optimization, for everything to run to best potential/capability/reliability.
The most he asks for is a manual restart or the very-occasional factory reset to keep things smooth, and explains why very well in both forum posts and included read-mes. Very cool/knowledgeable/professional cat. His 3-minute update percentage bar also only takes about 2 minutes of operation in reality (essentially it will be done before you think it should be), which sums it all up pretty well. Guy tapping temple gif.
He also supports routers as long as humanly possible (essentially they have too little memory for him to add/update Asus' bloated features or they cut an applicable driver branch). While you could argue (some of the) work should be done by Asus, and it should, I honestly question if they are similarly capable, and obviously they purposely wouldn't do some things he implements for people.
The value of what he (constantly/consistently) does is kind of immeasurable, and is the exactly correct person for the job doing it the only way it can realistically be done.
