Release ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Objects in Space

Occasional Visitor
Version 3.0.0.4.386.45934

2021/11/16 144.4 MBytes

ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

1. Fixed Let's encrypt related bugs.
2. Fixed httpd vulnerability
3. Fixed stack overflow vulnerability
4. Fixed DoS vulnerability
5. Fixed AiMesh web page multi-language issues.
6. Fixed Stored XSS vulnerability.
7. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
8. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
9. Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.

Please unzip the firmware file first then check the MD5 code.
MD5:55cc5dffb1819b0ec7aeb35ad3cadd11
 

Intrepid

Occasional Visitor
Working fine so far...
No info on CVE-2021-41435 and CVE-2021-41436
"This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 

UnoDeTantos

New Around Here
Problem with AIMesh...

AC1900U (master) -> AC66U B1 (node, cable backhaul) both updated to this version.

Wifi guest 1 (5g) isolated from intranet don't resolve IP to clients (clients can connect to wifi but don't get an IP). Works if connected to master but not in nodes.

It Works in previous version :(

Edit: AC66U B1 firmware downgraded to version 3.0.0.4.386.43129 ... works again
 
Last edited:

Stephen Harrington

Senior Member
Version 3.0.0.4.386.45934

2021/11/16 144.4 MBytes

ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

So the previous few versions had already doubled in size, supposedly to allow for the V4 hardware revision ...
MD5 hash checks out OK.
What does this further ~ 50% increase in file size portend?
Just curious ...
 

wouterv

Very Senior Member
A few litte changes I noticed in the wireless area:
1637216980021.png
 

wouterv

Very Senior Member
With that "disable 11b" option you can now select:
  • Auto - which seems to me 11n and 11g, by check box with or without 11b.
  • Legacy - which seems to me 11g and 11b, no 11n.
  • N only - no 11g and 11b.
In my honest opinion and what I don't like to remember 11b was always a pain in the ass, wireless became useful with 11g.
In general it is worth to dump support for legacy modes and free resources, for what ever system.
 

wouterv

Very Senior Member
Look in WAN/DNS Privacy Protocol
It is encrypted DNS. Lots of ways you can be spoofed and snooped with the "standard" DNS. Another privacy/security feature.
Ah thanks, I noticed it is also what our iPhones are showing as not supported for the home RT-AC68U WiFi connection.
Right, it is there:
1637339694568.png

Set to DNS-over-TLS requires to select a server...hmm..which is suggested?
1637339801069.png

The one(s) you select (max. 8) are shown in a list:
1637339935702.png

Hm, ok, instead of picking from the Preset servers list, you can add them manually as well.

I must go back to school :)
 
Last edited:

bbunge

Part of the Furniture
Back to school :)
The DNS Privacy Protocol program (Stubby) will query the servers in the list in order and then repeat. It is a function called round robin. It is a good idea to use at least two DNS servers in the list. If you use IPV6 you can alternate between IPV4 and IPV6 servers.
I am currently using six DNS-0ver-TLS servers: Quad9 1, Cloudflare Secure 1, Cleanbrowsing 1 (security), Quad9 2, Cloudflare Secure 2 and Cleanbrowsing 2 (security) (Cloudflare Secure is a manual entry using 1.1.1.2/1.0.0.2 and TLS Hostname of security.cloudflare-dns.com).
This may seem crazy to some but each DNS server group, for me, is in a different geographic location. The chance that all of them will be down at the same time is remote and thus I hope to DNS lookup problems.
 

wouterv

Very Senior Member
Thanks for taking me back to school ;)
I will give DoT a try.
It is weird tat ASUS does not manage to mention those new functions in the release notes.
 

gammern

New Around Here
Problem with AIMesh...

AC1900U (master) -> AC66U B1 (node, cable backhaul) both updated to this version.

Wifi guest 1 (5g) isolated from intranet don't resolve IP to clients (clients can connect to wifi but don't get an IP). Works if connected to master but not in nodes.

It Works in previous version :(

Edit: AC66U B1 firmware downgraded to version 3.0.0.4.386.43129 ... works again

I had the same problem on 2.4GHz. My robotvac on guest network wasn't visible so I couldn't start it from my phone.
Solved it by changing "Sync to AiMesh Node" to "Router Only" in settings for guest network. Worked for me since my vac don't need to use any of the mesh nodes. Others might not be so lucky.

GuestSyncAiMesh.png
 

Athantor

New Around Here
For me, ticking the „disable 11b” checkbox makes all my devices — smartphones, printer, tv — unable to connect to the router on the 2,4GHz band: after connection to the wifi is established, the devices are immediately logged out with „authentication failure” error.

Standalone router as single, simple AP; no AiMesh.

And the best thing: you can't untick the damn thing! After clicking „save” button, the wireless settings page just reloads.
Had to manually disable it via ssh:

The checkbox is set, 11b disabled (wifi broken):
INI:
wl_rateset=ofdm
wl0_rateset=ofdm

The checkbox is unset, 11b enabled (factory setting):
INI:
wl_rateset=default
wl0_rateset=default

Thanks ASUS, an hour well spent debugging your well made firmware. :mad:
 

wouterv

Very Senior Member
For me, ticking the „disable 11b” checkbox makes all my devices — smartphones, printer, tv — unable to connect to the router on the 2,4GHz band: after connection to the wifi is established, the devices are immediately logged out with „authentication failure” error.

Standalone router as single, simple AP; no AiMesh.

And the best thing: you can't untick the damn thing! After clicking „save” button, the wireless settings page just reloads.
Had to manually disable it via ssh:

The checkbox is set, 11b disabled (wifi broken):
INI:
wl_rateset=ofdm
wl0_rateset=ofdm

The checkbox is unset, 11b enabled (factory setting):
INI:
wl_rateset=default
wl0_rateset=default

Thanks ASUS, an hour well spent debugging your well made firmware. :mad:
Wow, thanks for pointing out.
Hands off the button.
Did you report the issue through the router: Advanced Settings > Administration > Feedback ?
 
Last edited:

wouterv

Very Senior Member
So the previous few versions had already doubled in size, supposedly to allow for the V4 hardware revision ...
MD5 hash checks out OK.
What does this further ~ 50% increase in file size portend?
Just curious ...
Hmm, right:
41944 ~ 41 MB.
43129 / 43137 ~ 97 MB.
45934 ~154 MB.

That looks like there are 3 firmware images in one file.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top