Asus GT-BE 98PRO 3.0.0.6.102_39271 Firmware for security

[cc666]

n my email today I received a notice of an update. Went to the ASUS download site and the file is not availiable for download!

Firmware Update for ROG Rapture GT-BE98 Pro​

Firmware version 3.0.0.6.102_39271 is now available. This update focuses on enhancing system security and addressing known issues. We recommend that all router administrators take action to secure their routers by updating to the latest firmware. For detailed information, please refer to the corresponding security advisory.
Security Advisory Affected Firmware series Solution

Security Update for ASUS Router Firmware

3.0.0.6_102 series

Upgrade to the firmware version 3.0.0.6.102_39271

CC

 

[bennor]

n my email today I received a notice of an update. Went to the ASUS download site and the file is not availiable for download!

If you have the GT-BE98 Pro, did you check through the GUI to see if the new firmware was available? Quite often the newest firmware will show up through the router GUI firmware update check before (sometimes days before) it shows up on the Asus website (https://rog.asus.com/networking/rog-rapture-gt-be98-pro/helpdesk_bios/).

PS: The Security Update Notice (https://www.asus.com/security-advisory/).

Security Update for ASUS Router Firmware​

ASUS has released a security update for ASUS routers to mitigate Reported vulnerability and strongly recommends updating to the latest firmware version 3.0.0.6_102 series or later to ensure optimal protection.

To protect your devices, ASUS strongly recommends that all users update their router firmware to the latest version immediately.
You can find the latest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at https://www.asus.com/Networking/

CVE-2025-15101
CVSS 4.0 Score： 8.5 /High
AV:N/AC:L/AT:N/PR:H/UI/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Last Updated: March 25, 2026 (GMT+8)

Edit to add: Since this affects the 3006.102 firmware and multiple routers not just the GT-BE98 Pro. Started a separate thread specifically for this security announcement:

Asus Router Firmware Security Bulletin for CVE-2025-15101 (03/25/2026)

 

[cc666]

Firmware is nowhere to be found! Even tried updating within the router, no new firmware availiable.
If anyone finds it please post.

CC

 

[jzchen]

It has gone both ways. Sometimes the website first, sometimes the GUI first....

 

[jzchen]

I dunno, it's looking mighty suspicious....

 

[cc666]

I dunno, it's looking mighty suspicious....
View attachment 70934

Hmm Any other comments on this? Can it be a Hoax? Its a good thing there was not a file link with suspecious code if its suspecious. Bennor can you comment.

CC

 

[jzchen]

Nah sorry it was a joke. Sometimes the characters make up ASCII symbols then you get one....

I thought that was the download link. I've been looking to no avail....

I will try a little more after I finish breakfast (on a computer)...

 

[Tech9]

Firmware is nowhere to be found!

Nah sorry it was a joke.

Popular item, currently sold out. Wait for new shipment.

 

[bennor]

Hmm Any other comments on this? Can it be a Hoax? Its a good thing there was not a file link with suspecious code if its suspecious. Bennor can you comment.

CC

@jzchen was making a joke due to the snbforums site code converting the text ":P" to a icon when the post was saved.
AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
I assume it's not a hoax since it's on an official Asus website and includes links to third party sites that discuss the CVE.

Just be patient and keep periodically checking both the GUI and the main support website for your router (or use a website watcher to notify you of updates). New firmware will likely be out to address this CVE notice if the current firmware branch that has been released for numerous Asus router models over the past two weeks doesn't contain the security fix.

 

[jzchen]

Firmware is nowhere to be found! Even tried updating within the router, no new firmware availiable.
If anyone finds it please post.

CC

I'm afraid I could not find it. I even tried to modify an older RT-AX52U Pro link to no avail...

Sometimes the Web GUI fails to connect to the server and you get a little red text message warning of the failure. There's a little check box for beta firmware. Sometimes, one, or the other, doesn't reach the server. Then I go to the app and check, two times. If you leave the check box unchecked, the app checks for all the release level firmware only. If you check the box for beta firmware, sometimes the app will check exclusively for beta firmware. So this process takes me 4 different tries. More of the time the app will get through, than the web GUI... Just an FYI.

 

[jzchen]

Don't hold your breath, as they may have goofed up the version number. I found two emails (one for each) GT-AXE16000 and BQ16 Pro, both notifications to update, and both for firmwares released back on 3/16. I would have to guess that the _39260 (if I didn't goof it) is what the notification should list....

 

[cc666]

I just dug up this info: Seems like possibly the .260 firmware fixed it???

As of March 2026, a new malware botnet named KadNap has been identified targeting ASUS routers, with over 14,000 devices compromised globally. The botnet is used to create a decentralized proxy network, allowing attackers to route malicious traffic through residential routers to evade detection.

The Hacker News +3
KadNap Botnet Details (March 2026)

• Target: Primarily ASUS routers (including models like the GT-BE98 Pro).
• Method: The malware uses the Kademlia Distributed Hash Table (DHT) protocol, a peer-to-peer (P2P) approach, making it difficult for law enforcement to shut down because there is no central server.
• Impact: Infected routers have their traffic redirected to serve as proxy nodes for malicious activities. Users might notice slightly slower internet speeds.
• Geography: The majority of infections (60%) are in the United States, with others in Europe, Brazil, Russia, Australia, and Asia.
• Discovery: Reported by Lumen's Black Lotus Labs in March 2026.
  
  
  Yahoo News Singapore +4

ASUS GT-BE98 Pro Specifics
While specific firmware vulnerabilities are often targeted, high-performance, internet-exposed gaming routers like the ASUS ROG Rapture GT-BE98 Pro are often considered prime targets for such botnets due to their powerful hardware.

Yahoo News Singapore +2

• Firmware Updates: ASUS frequently releases firmware updates (e.g., March 12, 2026, updates 3.0.0.6.102_39249/39260) to address security and stability.
• Past Vulnerabilities: Similar, older attacks in 2025 (e.g., "AyySSHush") exploited authentication vulnerabilities and required a hard reset/firmware flash.

How to Protect Your Router

1. Update Firmware: Immediately check for and install the latest firmware, which often patches the vulnerabilities used by KadNap.
2. Factory Reset: If you suspect infection, a factory reset is often necessary to remove persistent malware, followed by a firmware update.
3. Disable Remote Management: Disable features like WAN access, SSH, and VPN if you do not use them to reduce the attack surface.
4. Change Credentials: Change the default administrator username and password to a strong, unique password.

CC

 

[bennor]

I just dug up this info: Seems like possibly the .260 firmware fixed it???

To clarify, there is no ".260 firmware" for the GT-BE98 Pro. The latest firmware for the GT-BE98 Pro, as of this post, is: 3.0.0.6.102_39260.

 

[bennor]

I just dug up this info: Seems like possibly the .260 firmware fixed it???

As of March 2026, a new malware botnet named KadNap has been identified targeting ASUS routers, with over 14,000 devices compromised globally. The botnet is used to create a decentralized proxy network, allowing attackers to route malicious traffic through residential routers to evade detection.

FYI. If you search the subforums here on SNBForums you'll see that botnet (KadNap) has been previously discussed or mentioned.

Does this botnet affect RMerlin firmware?

https://www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/

www.snbforums.com

14,000 routers are infected by malware (mainly ASUS)

According to this article ASUS routers are vulnerable, but the text provides few details. No mention to models, firmware version, CVE number, etc. Does anyione have more info about it?

www.snbforums.com

 

[cc666]

To clarify, there is no ".260 firmware" for the GT-BE98 Pro. The latest firmware for the GT-BE98 Pro, as of this post, is: 3.0.0.6.102_39260.

Thas what I meant.

CC