Elite Team came for on site troubleshooting with the following results:

A. Asus gt-ax11000 as router and dlink as modem, only technician windows laptop can get full 500mbps download speed. All my devices like Apple TV wired to Asus router, iPhone 16 pm, and even technician hand held device wired to my Asus router, all can get max around 150mbps upload speed.

B. Reset dlink and install 3.0.6 latest firmware, setup as bridge mode, same result with the above.

C. Reset dlink and setup as combo, Asus gt-ax11000 setup as ap mode, all devices can get full upload speed.

D. Reset dlink and setup as modem, use another Asus router of mine which is xt8 setup as router, same result with A above.

E. Use skyworth setup as modem, and use either 1 of the Asus router, same result with A.

Conclusion is suspecting Asus router firmware bug?? Need to check with Asus.

So stress doing all these simulations 

Btw, can some one shared if you are on 1gbps plan and Telekom device setup as bridge and running own router, please let me know what Telekom device brand, and router model assuming your up speed is 500mbps. If possible pm me your Unifi id so I can get elite team to check and verify.  Thank you so much.

Anime4000 the use of IoT item in router & IoT cloud. The same concept used by ip cctv which can remotely view using smartphone.

To be honest, both are Vulnerable, since firmware being publish here, guy/team from my discord PON Hacking look and found attack vector, even can pivot from PPPoE to VLAN209 and VLAN400
They planning make 2G user as VPN Server for them

For serious business, they don't use AIO, for 2G plan they use my NIJIKA, for 1G, stay with old ONU which is much safer and dumb
SDK Source Code, Taurus Board that D-Link DPN-FX3060V (A1/B1)



What I know D-Link and Skyworth runs on ancient server



Another Taurus Board, Zyxel AOT5221ZY that runs on OpenWRT




Since both D-Link and Zyxel use same SoC, making D-Link use OpenWRT is my next project, by dissecting Zyxel indeed

As I have the SDK, I can convert TM Blob to TIME compatible ONU, or even Maxis own Infra

So let me guess, TM going to ignore this issue? Is there any official or insider confirmation that they were aware of this vulnerability and working on patches? Does this only affects the Ultra Combo ONRs or the regular ONR as well (+ Fiberhome and ZTE)? Did they replicate the vulnerability at their R&D side?

Yes, pretty much any ISP provided equipment, security patches not their priority as these equipment are cheap enough.

I have told them, but my friend said just leave it, want cheap internet, no security.

security cost money 😔

like D-Link 2.0.3 to 2.0.6, just improving on GPON performance, not security, vulnerability still exists according to them.

They didn't tell me how to do it, and I never wanted to know, knowing it I can be prosecuted 😭

old screenshot hack on action




This good learn, ISP CPE cloud is bad:
researcher accidentally finds O-day affecting his entire internet service provider


since I own both D-Link A1 and B1
I plan to make D-Link ONR using OpenWRT by using Zyxel as base since both use same Processor

also using ONR is never been good, ISP still have total control of that device,
Let say, DNS filtering happening again, they don't like use custom DNS, ISP can override even without TR069, just from OMCI can do that,

All my reply regarding T-CONT or OLT related things as I assumed you're using combo dlink included already got 500Mbps before. Nothing wrong with OLT config except 300Mbps was the result of dlink in combo mode. Wrong result from physical port of 3rd party router is not related to ISP side because you can get full suscribed speed with official ONR.

Is this asus have dual wan function? Basically buil-in router QoS priority is 2.5GBe port than 1GBe although not labeled as WAN but  it also is WAN port. If the WAN source is from 2.5GBe WAN/LAN1, the client must use 2.5G port if available as standalone port. Basically can set which port primary WAN for consumer router.

From ur ©, I can see that gaming router design supposed to be used in internet ready environment especially for built-in functions like vpn server,pptp etc. By default combo mode dlink QoS is disabled. No need to use bridge mode to avoid firewall or QoS.

Also actually can bypass router & use modem function only in combo mode ONR. Crap skyworth ONR as an example have function to bypass router function let say although it client of dlink combo. When connect to combo router using pppoe bridge mode,  it like direct connection with dlink modem, bypassing dlink router. Not sure if ur expensive router have pppoe bridge function.

** The crap SR1041F also support pppoe bridge. I set pppoe dialer in my standalone ZTE ONU or when use ONR in bridge mode to make internet ready environment so I can different routers everytime, just like leased line.

Thanks for the detailed explanation. I did went through the blog of the owner. He perfectly replicate and explain the vulnerability of using unpatched ISP equipment's. Hence Maxis is the next best option if new users wants to subscribe internet access due to maxis is still giving the standalone units. I guess they are using Skyworth if not my mistaken.

Maxis on TM fiber still ONU + Router layout
the ONU is 2.5G single port

now, TM need push OMCI on Both LAN 1 and 2 now 🤣🤣🤣
because that ONU only has one 2.5G

for this reason, TM cannot support Unifi + Maxis on same ONU

I get your logic there. Do you think they will use the older configurations back on, since ONR is not a permanent solution, especially for businesses. I mean, we are talking about an unpatched vulnerabilities. There are a few engines that can provide details about the ports, and some still using default login credentials. I've seen my clients using ONR for their businesses, only to be secured by a dedicated firewall.
Assuming maxis user who sub to Maxis's 2Gbps plan, and after 2 years, the user wants to shift to Unifi. This means, without the OMCI push for LAN 1 and 2 for the ONU, the ONU will be forcefully replaced by ONR, right?

replay still a thing, even in bridge mode
better remove ONR for safe measures

Let say your 2G Maxis is up, you still can use old ONU that TM give for maxis customer for Unifi, just pay the technician to configure the maxis ONU and they will contact NOC and update proper OMCI because that ONU do not have telephone port, if you need Telephone, need pass VLAN400 to 0x101 (LAN1) instead of 0xe01 (VEIP)

Gotcha. Guess maxis will be my next option. I am not convinced of how TM and their engineers don't follow up the reported CVEs and issue a proper patch remotely or downloadable firmware from user account dashboard.

Nah, most ISP not doing that,
best way use dumb ONU Bridge + Router with constant security update

I prefer to take real reviews from users bro. More organic and we can know the pros and cons, unfiltered.

also, if router security is your main concern, better just pick mikrotik

cause they long term firmware update

for example my rb2011



it from firmware version 3.10 which is 2008, still getting firmware update until now, most router only get 3 year official update and if you lucky and router flash custom firmware, can use openwrt to extend its lifetime

I am well versed with Mikrotik already. Used the famous RB750Gr3. Now they have a newer version called the hEX Refresh with better spec compared to the 750Gr3. Need to purchase a unit for testing soon.

Also special thanks to soonwai for introducing me to Mikrotik. I've met him personally, he was one of the dude who purchased my RB750Gr3.