What's new

Release ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Objects in Space

Regular Contributor
Version 3.0.0.4.386.45934

2021/11/16 144.4 MBytes

ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

1. Fixed Let's encrypt related bugs.
2. Fixed httpd vulnerability
3. Fixed stack overflow vulnerability
4. Fixed DoS vulnerability
5. Fixed AiMesh web page multi-language issues.
6. Fixed Stored XSS vulnerability.
7. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
8. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
9. Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.

Please unzip the firmware file first then check the MD5 code.
MD5:55cc5dffb1819b0ec7aeb35ad3cadd11
 
Working fine so far...
No info on CVE-2021-41435 and CVE-2021-41436
"This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 
Problem with AIMesh...

AC1900U (master) -> AC66U B1 (node, cable backhaul) both updated to this version.

Wifi guest 1 (5g) isolated from intranet don't resolve IP to clients (clients can connect to wifi but don't get an IP). Works if connected to master but not in nodes.

It Works in previous version :(

Edit: AC66U B1 firmware downgraded to version 3.0.0.4.386.43129 ... works again
 
Last edited:
Version 3.0.0.4.386.45934

2021/11/16 144.4 MBytes

ASUS RT-AC68U Firmware version 3.0.0.4.386.45934

So the previous few versions had already doubled in size, supposedly to allow for the V4 hardware revision ...
MD5 hash checks out OK.
What does this further ~ 50% increase in file size portend?
Just curious ...
 
A few litte changes I noticed in the wireless area:
1637216980021.png
 
With that "disable 11b" option you can now select:
  • Auto - which seems to me 11n and 11g, by check box with or without 11b.
  • Legacy - which seems to me 11g and 11b, no 11n.
  • N only - no 11g and 11b.
In my honest opinion and what I don't like to remember 11b was always a pain in the butt, wireless became useful with 11g.
In general it is worth to dump support for legacy modes and free resources, for what ever system.
 
This firmware should also have DoT.
 
Look in WAN/DNS Privacy Protocol
It is encrypted DNS. Lots of ways you can be spoofed and snooped with the "standard" DNS. Another privacy/security feature.
Ah thanks, I noticed it is also what our iPhones are showing as not supported for the home RT-AC68U WiFi connection.
Right, it is there:
1637339694568.png

Set to DNS-over-TLS requires to select a server...hmm..which is suggested?
1637339801069.png

The one(s) you select (max. 8) are shown in a list:
1637339935702.png

Hm, ok, instead of picking from the Preset servers list, you can add them manually as well.

I must go back to school :)
 
Last edited:
Back to school :)
The DNS Privacy Protocol program (Stubby) will query the servers in the list in order and then repeat. It is a function called round robin. It is a good idea to use at least two DNS servers in the list. If you use IPV6 you can alternate between IPV4 and IPV6 servers.
I am currently using six DNS-0ver-TLS servers: Quad9 1, Cloudflare Secure 1, Cleanbrowsing 1 (security), Quad9 2, Cloudflare Secure 2 and Cleanbrowsing 2 (security) (Cloudflare Secure is a manual entry using 1.1.1.2/1.0.0.2 and TLS Hostname of security.cloudflare-dns.com).
This may seem crazy to some but each DNS server group, for me, is in a different geographic location. The chance that all of them will be down at the same time is remote and thus I hope to DNS lookup problems.
 
Thanks for taking me back to school ;)
I will give DoT a try.
It is weird tat ASUS does not manage to mention those new functions in the release notes.
 
Problem with AIMesh...

AC1900U (master) -> AC66U B1 (node, cable backhaul) both updated to this version.

Wifi guest 1 (5g) isolated from intranet don't resolve IP to clients (clients can connect to wifi but don't get an IP). Works if connected to master but not in nodes.

It Works in previous version :(

Edit: AC66U B1 firmware downgraded to version 3.0.0.4.386.43129 ... works again

I had the same problem on 2.4GHz. My robotvac on guest network wasn't visible so I couldn't start it from my phone.
Solved it by changing "Sync to AiMesh Node" to "Router Only" in settings for guest network. Worked for me since my vac don't need to use any of the mesh nodes. Others might not be so lucky.

GuestSyncAiMesh.png
 
For me, ticking the „disable 11b” checkbox makes all my devices — smartphones, printer, tv — unable to connect to the router on the 2,4GHz band: after connection to the wifi is established, the devices are immediately logged out with „authentication failure” error.

Standalone router as single, simple AP; no AiMesh.

And the best thing: you can't untick the damn thing! After clicking „save” button, the wireless settings page just reloads.
Had to manually disable it via ssh:

The checkbox is set, 11b disabled (wifi broken):
INI:
wl_rateset=ofdm
wl0_rateset=ofdm

The checkbox is unset, 11b enabled (factory setting):
INI:
wl_rateset=default
wl0_rateset=default

Thanks ASUS, an hour well spent debugging your well made firmware. :mad:
 
For me, ticking the „disable 11b” checkbox makes all my devices — smartphones, printer, tv — unable to connect to the router on the 2,4GHz band: after connection to the wifi is established, the devices are immediately logged out with „authentication failure” error.

Standalone router as single, simple AP; no AiMesh.

And the best thing: you can't untick the damn thing! After clicking „save” button, the wireless settings page just reloads.
Had to manually disable it via ssh:

The checkbox is set, 11b disabled (wifi broken):
INI:
wl_rateset=ofdm
wl0_rateset=ofdm

The checkbox is unset, 11b enabled (factory setting):
INI:
wl_rateset=default
wl0_rateset=default

Thanks ASUS, an hour well spent debugging your well made firmware. :mad:
Wow, thanks for pointing out.
Hands off the button.
Did you report the issue through the router: Advanced Settings > Administration > Feedback ?
 
Last edited:
So the previous few versions had already doubled in size, supposedly to allow for the V4 hardware revision ...
MD5 hash checks out OK.
What does this further ~ 50% increase in file size portend?
Just curious ...
Hmm, right:
41944 ~ 41 MB.
43129 / 43137 ~ 97 MB.
45934 ~154 MB.

That looks like there are 3 firmware images in one file.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top