End of support RT-AC66U B1 gets another firmware release.
Download firmware: https://www.asus.com/networking-iot...ac66u-b1/helpdesk_bios?model2Name=RT-AC66U-B1
ASUS RT-AC66U B1 Firmware version 3.0.0.4.386_52048
Version 3.0.0.4.386_52048
99.38 MB
2025/08/19
SHA-256 :2CEF4C986602573813ECE7C2C69D9A338A146BAFEADC7DD71CF881585B88ACEF
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.
Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
Password must contain at least 10 characters in length, including 1 letter, 1 special character, and 1 numeric character. Shall not have consecutive identical characters. Login username and password shall not be the same.
I have change the admin password for AiMesh before you flash.
Download firmware: https://www.asus.com/networking-iot...ac66u-b1/helpdesk_bios?model2Name=RT-AC66U-B1
ASUS RT-AC66U B1 Firmware version 3.0.0.4.386_52048
Version 3.0.0.4.386_52048
99.38 MB
2025/08/19
SHA-256 :2CEF4C986602573813ECE7C2C69D9A338A146BAFEADC7DD71CF881585B88ACEF
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.
Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
Password must contain at least 10 characters in length, including 1 letter, 1 special character, and 1 numeric character. Shall not have consecutive identical characters. Login username and password shall not be the same.
I have change the admin password for AiMesh before you flash.
