Release ASUS ZenWIFI XT8 Firmware version 3.0.0.4.388_24621

[Dodgydrains]

Version 3.0.0.4.388_24621
V1 - 49.61 MB
V2 - 50.23 MB
2024/03/19


- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.


V1 - https://dlcdnets.asus.com/pub/ASUS/wireless/ZenWiFi_XT8/FW_ZENWIFI_XT8_300438824621.zip?model=ASUS ZenWiFi AX (XT8)

Please unzip the firmware file, and then verify the checksum.
SHA256: 2cd1851f75abf270c34ec4643617aa03235c3d1415696a8a9100dc1b79972378

V2 - https://dlcdnets.asus.com/pub/ASUS/wireless/ZenWiFi_XT8/FW_ZENWIFI_XT8_V2_300438824621.zip?model=ASUS ZenWiFi AX (XT8)

Please unzip the firmware file, and then verify the checksum.
SHA256: 97fd1726378ce1d449f3b5e143e00c7cffb0da7b961f944f267bf7e1c13712b0

 

[maximillion82]

This is a very weird update. First time ever it only saints to update the node that’s connect to the WAN, no of the other nodes. Should I update or wait?
Usually I update immediately, but since all nodes are identical and it only wants to update the WAN node I’m skeptical if this Firmware version. Anyone tried it, if yes. Same issue?

 

[ronan_zj]

I have no issue to update my 2 XT8 as nodes. wireless backhaul speed looks better than before. my PHY rate is 1700Mbps for both Transmit and Receive Rate.

 

[maximillion82]

I have no issue to update my 2 XT8 as nodes. wireless backhaul speed looks better than before. my PHY rate is 1700Mbps for both Transmit and Receive Rate.

I can't update the second node. I will try to reboot. PHY of 1700Mbps sounds good.

 

[Hozz]

Mine has only updated the WAN node, I haven't tried updating the other node manually.

 

[ronan_zj]

I can't update the second node. I will try to reboot. PHY of 1700Mbps sounds good.

my main node is GT-AX11000 Pro, and I updated my XT8s ( remote nodes) via Asus APP.

 

[maximillion82]

Mine has only updated the WAN node, I haven't tried updating the other node manually.

Same, for me it showed WAN only. I ended up updating them one by one manually. Works well for far.

 

[Hozz]

I have had to do my second one manually now. No difference in PHY rate on mine.

 

[Asclepias]

Same here. I also have had to update the node manually.

 

[thalador]

Updated router and two nodes manually. No issues, but seems they didn't bother to fix the display issue when viewing the client list.

 

[Eniro]

Updated both XT8 via the mobile app, showed me that both nodes need to be upgraded, started with secondary than the main unit, all good, will continue to follow for stability, and any issues.

 

[mrbill]

Updated the node first then the main. So far so good running hw v1. I’ll keep my fingers crossed…

 

[Acropolis77]

Updated manually in Edge browser, 2 nodes v2.
Update 1st node, reboot, update 2nd node (router), reboot. No issues.
Auto firmware update was switched back to ‘on’ after update.

 

[Jim_OS]

but seems they didn't bother to fix the display issue when viewing the client list.

I installed the firmware on my three XT8 nodes (V1) a few days ago. Since I made a few changes to the WLAN structure here anyway, I also reset all three nodes after the update and reset them to factory settings.

This firmware version runs very well and stable for me, but the fact that the client list no longer updates after a few minutes is of course a no-go and really annoys me. Especially if you - like me in the last few days - have integrated several new WLAN devices and then cannot tell/see how good or bad the WLAN connection is with the XT8 Mesh.

I can only hope that Asus fixes this very quickly, otherwise I would probably downgrade the firmware. The only question then is which old firmware version should I downgrade to? No idea.

 

[Mr.Why]

Summary:
Because I had many issues with upgrading the firmware, I wanted to share how I did the upgrade.
The main issues is that when I upgraded to the latest firmware, my wired backhaul connection stopped working.
Despite numereous ways of upgrading the system, I failed - until now!

I made a clean install, but I kept my wifi SSID' (for 2.4 GHz and 5GHz) exactly the same as before (and same password).
In this way, all of my connected devices will re-connect without any "re-configuration" of them.

System:
2 units of ZenWifi XT8 AX6600
Hardware version V1, HW version: 1.0

Firmware:
Upgrade from: 3.0.0.4.388_23285-g5068da5 (release date 15:th of may 2023)
Upgrade to: 3.0.0.4.388_24621-g9054e31 (release date 19:th of march 2024)

Setup:
1 AI Mesh router connected to my ISP.
1 AI Mesh node (wired backhaul, e.g from 2.5/1G WAN to LAN on main AI Mesh router).

My way Summary:
* Install the firmware upgrade via the "Asus router" mobile app.
* Shut down the system and restart each of the nodes.
* Reset to factory settings by pushing WPS button + switching the node on.
* Uninstall and re-install the "Asus router" app.
* Do a clean installation of the nodes.

My way (tedious to read):
Here is what I did which seem to upgrade the firmware and make may wired backhaul to work!

1. I ran the upgrade of firmware (AI Mesh router and Mesh node) via the mobile app, "Asus router", in my existing setup.
2. When finished, I turned both of the nodes off and pulled out the backhaul connection from my AI Mesh node which was connected to the AI Mesh router.
3. Started the main AI Mesh router and let it start up (while the AI Mesh node was turned off). This was to let the firmware be applied from a cold boot of the node.
- When it was up and running, I turned it off.
- Then I did a factory reset by pushing WPS Button at the same time as I switched the Main AI Mesh router on.
- Led lights: Blinks white, then green (2-3 times) then it turns black.
- Switched it off after that.
4. Repeated the same steps for the AI Mesh node.
5. Uninstalled the ASUS Mobile app "Asus router".
6. Ensured that the 2.5/1G cable was connected to my ISP modem and started the main AI Mesh router.
- Started both the Main AI Mesh router and the AI Mesh node and waited for the led ligths to turn "blue".
- Installed the "Asus router" mobile app.
- Run the installation via the mobile app and named my SSID's for 2.4 and 5 GHz to the same names as previously used.
- Waited around 10 minutes for the installation to complete. Despite this, only the main AI Mesh node turned "white", while the AI Mesh node was constant "blue".
- Switched the AI Mesh node off and tested only the internet connection with my main AI Mesh router. It worked.
- Switched on the AI Mesh node on and ran the wizard to add a new Mesh node to the system.
- This succeded.
7. Let the system run in wireless mode for 10 minutes, then I switched off the AI Mesh node.
8. Connected the AI Mesh node with a wired backhaul, e.g. from LAN in main AI Mesh router to 2.5/1G in AI Mesh node.
9. Started the AI Mesh node and let it connect, after a couple of minutes the led light turned white in the AI Mesh node. Now it "just worked".

After above steps I did not configure anythingelse. For example, the AI Mesh node has its "Backhaul Connection Priority" set to Auto. Indeed it picks up the wired connection!

My experience:
I have had Asus routers for many years, and only in the last 2 years I have (to my memory) had issues with the ZenWifi XT8 system.
I have around 30 devices connected to the system and find that some of these loose their wifi connection.
Google Nest Hub seems to be loosing connection to my wifi system. Also some of my android tablets seems to be disconnecting.

Because I cannot tell if it it is my wifi system or my devices that is causing the drop of wifi, it is not fair to just blaim the Asus ZenWifi XT8's.

However, I was very close to throwing this system out and replacing it by a more stable system (but again, all mesh systems seems to be state of the art, so what to choose?).
Therefore I gave the system a last chance to be upgraded to latest version of the firmware. As I have understood there are security related updates in the latest firmware, which is essential to have.

When my system is up and running, it provides a good experience. As many of you are, I am also dependent on a "hazzle free" wifi environment in my home.

Finally, if this last firmware does not resolve my issues or provide me with more problems - Then, bye bye ASUS, and thank you for the years!

The system has been stable now, for 1 hour .

Some other reflections:
I have 3 visible wifi's

* 2.4 GHz
* 5 GHz-1
* 5 GHz-2

I believe the 5 GHz-2 is supposed to be the wifi backhaul connection. But since I have wired backhaul, the 5 GHz-2 could be turned off.
However, because the default setting for "Backhaul Connection Priority" is "Auto", I will keep the 5 GHz-2 visible.
I don't know the impact of that setting though.

 

[Jim_OS]

My experience:
I have around 30 devices connected to the system and find that some of these loose their wifi connection.
Google Nest Hub seems to be loosing connection to my wifi system. Also some of my android tablets seems to be disconnecting.

I also have around 30 WLAN clients here and I find that this firmware version works very well for me. My house has around 140 square meters of living space. There is one XT8 in the kitchen (ground floor), one in the hallway (ground floor) and one on the first floor in the study. The XT8 in the hallway is connected to the XT8 in the study via LAN cable.


All devices - including my three Nest Hubs - have very good Wi-Fi reception and permanently. There are no Wi-Fi interruptions and the IoT devices don't cause any problems either. I have now also activated Wifi 6 mode on all WLAN bands

I have now also activated the Wifi 6 mode on all WLAN bands and there are no problems with it - e.g. with any IoT devices. Things were different with older firmware versions and there were problems when Wifi 6 was activated.

The worst WiFi connection is to a Tasmota socket (TAS-SD_06) in my garden shed that has a water pump connected to it. The WiFi to two of my Dahua outdoor cameras isn't that good either, but they are connected via PoE anyway and the WiFi is just a backup.

Apart from the bug with the client list, I am very satisfied with the firmware (so far).
I think you can assume that with every mesh system - regardless of the manufacturer - there will always be some problems (from time to time). Maybe it makes sense for you to position another XT8 somewhere. For example, I was lucky and got a new two-pack of XT8s for just €200 a few weeks ago. I then put an XT8 in the kitchen and now I also have an XT8 in reserve.

 

[Mr.Why]

I also have around 30 WLAN clients here and I find that this firmware version works very well for me. My house has around 140 square meters of living space. There is one XT8 in the kitchen (ground floor), one in the hallway (ground floor) and one on the first floor in the study. The XT8 in the hallway is connected to the XT8 in the study via LAN cable.
View attachment 57745

All devices - including my three Nest Hubs - have very good Wi-Fi reception and permanently. There are no Wi-Fi interruptions and the IoT devices don't cause any problems either. I have now also activated Wifi 6 mode on all WLAN bands
View attachment 57752
I have now also activated the Wifi 6 mode on all WLAN bands and there are no problems with it - e.g. with any IoT devices. Things were different with older firmware versions and there were problems when Wifi 6 was activated.

The worst WiFi connection is to a Tasmota socket (TAS-SD_06) in my garden shed that has a water pump connected to it. The WiFi to two of my Dahua outdoor cameras isn't that good either, but they are connected via PoE anyway and the WiFi is just a backup.
View attachment 57746
Apart from the bug with the client list, I am very satisfied with the firmware (so far).
I think you can assume that with every mesh system - regardless of the manufacturer - there will always be some problems (from time to time). Maybe it makes sense for you to position another XT8 somewhere. For example, I was lucky and got a new two-pack of XT8s for just €200 a few weeks ago. I then put an XT8 in the kitchen and now I also have an XT8 in reserve.

Hi,

thanks for sharing your view and experience.

I do actually have another unit to include in my mesh system, but I have not done so due my previous issues.

However, while I was feeling really "Crazy about my Wifi system" , I was thinking about "Mesh" versus "Access points (AP)". From my understanding, a client connected to a mesh system will switch to the strongest connection of one of my units. In contrast, a client connected to an access point will retain that connection for as long as it can. If I understood this correct, then a system with 2 accesspoints and 1 main router, would probably behave more stable.

The thing is for me, is that I do not move around my units so much, except for my phone and perhaps a android tablet. So my google hubs would be retaining the connection to an AP instead of the Mesh system. I don't know if the mesh system varies in strength so the googl hubs tries to switch to other unit.

But if this firmware is stable enough, then I will leave it be...
In the Firmware/Upgrade tab, I have now set:
"Auto Firmware Upgrade" = False
"Security Upgrade" = True

For sure, different manufacturers will make mistakes and cannot forsee all "issues" that may arise due to perhaps poorly configured networks. I mean, I also have a couple of "switches" in my network .

 

[Jim_OS]

Yes, you are right, I use AP mode. It works very well for me here.

I would rather be able to determine the WLAN connection myself than leave it to some “automatic system". I noticed that the automatic optimization that you can run either for the entire mesh system or just for individual clients doesn't really work. For example, clients in the living room are connected to the XT8 in the hallway, even though there is also an XT8 in the living room. That's why I don't really trust this automatic system.

After the firmware update and factory reset of the XT8, this time and so far I left all WLAN settings at the factory settings and I didn't "mess around" with them.

In the system log I can also see that there are no connection interruptions to any clients and that everything works stably. E.g. the last 24 hours.

Apr  7 23:00:27 disk_monitor: Got SIGALRM...
Apr  8 00:47:14 wlceventd: wlceventd_proc_event(645): eth5: Deauth_ind 2A:95:D6:C1:xx:xx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:0
Apr  8 02:18:12 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7961)]do webs_update
Apr  8 02:18:22 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7979)]retrieve firmware information
Apr  8 02:18:22 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7994)]fimrware update check first time
Apr  8 02:18:22 WATCHDOG: [FAUPGRADE][auto_firmware_check:(8025)]no need to upgrade firmware
Apr  8 02:18:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7961)]do webs_update
Apr  8 02:18:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7979)]retrieve firmware information
Apr  8 02:18:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7999)]fimrware update check once
Apr  8 02:19:21 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7961)]do webs_update
Apr  8 02:19:21 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7979)]retrieve firmware information
Apr  8 02:19:21 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7999)]fimrware update check once
Apr  8 02:19:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7961)]do webs_update
Apr  8 02:19:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7979)]retrieve firmware information
Apr  8 02:19:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(7994)]fimrware update check first time
Apr  8 02:19:51 WATCHDOG: [FAUPGRADE][auto_firmware_check:(8025)]no need to upgrade firmware
Apr  8 06:19:03 wlceventd: wlceventd_proc_event(685): eth5: Auth 2A:95:D6:C1:xx:xx, status: Successful (0), rssi:0
Apr  8 06:19:03 wlceventd: wlceventd_proc_event(722): eth5: Assoc 2A:95:D6:C1:xx:xx, status: Successful (0), rssi:-52

The client with the MAC address 2A:95:....... that appears is my smartphone.

With older firmware versions, there were definitely more entries in the system log per day and WLAN clients lost their connection and reestablished it more often. Hence my statement that the current firmware version works very well and stably for me. Of course, this could look (completely) different for someone else.

So my google hubs would be retaining the connection to an AP instead of the Mesh system. I don't know if the mesh system varies in strength so the googl hubs tries to switch to other unit.

My three Nest Hubs all have a permanent and very good 5GHz WiFi connection without any interruptions. The Nest Hub in the kitchen is the furthest thing from an XT8.

Apart from the bug with the client list, I am very satisfied with the firmware (so far).

BTW: Very strange. After a restart yesterday, the Client list is now continuously updated and works again for about 20 hours now. I had restarted several times in the last few days and the display of the client list kept stopping after a few hours.

 

[jackma]

I recently updated my firmware after sticking with version 3.0.0.4.386_49873 for ages due to instability issues with the few 388 versions I have tried so far.

In my mesh, I have the main router and three additional nodes. One of these nodes uses wired backhaul, while the other two rely on wireless connections.

While running version 386, the wireless backhaul on 5GHz for both nodes was extremely reliable (not a single fallback to 2.4GHz, ever). However, since I switched to this new firmware, one of the nodes consistently switches to 2.4GHz after a few hours of operation. The only solution to revert to 5GHz is by rebooting the problematic node.

Before considering downgrading back to version 386, is there any specific action I should take?