Archer C6U PPTP VPN Extremely Vulnerable due the bug in firmware
Archer C6U has a bug in the firmware that makes it extremely vulnerable if you activate PPTP VPN. This bug is simple and easily reproducible but gives full access to VPN.
If you open the PPTP VPN setup page you will see that there is a default account with username/password admin. You can delete or change the password. In my opinion, deletion of admin is the best way because neither username nor password will be some default. However, it won't work, and below is a simple explanation of why.
When you reboot the router it will create an admin record with the default password admin.
Ok, you try to change the password for admin. You reboot the router again and you get the two admin accounts.
When you try to edit the second admin account it will tell you that the same account exists already. So there is a check in the UI that doesn't allow to have more than one record with the same username.
Next try. There is a limit of 16 users. Ok, 16 users created, reboot, and now there are 17 users.
So what we have in summary:
1. Admin account couldn't be removed and it will return like Terminator.
2. Admin account ignores the unique name check.
3. Admin account ignores the user limit.
And finally, when you enable PPTP VPN you are fully exposed because anyone can connect using the admin account.
P.S. I know that PPTP VPN isn't super secure, but it is faster than OpenVPN.