The venerable old end of support RT-AC68U gets another firmware release. This release has similar security updates and suggested router reset after firmware update that other Asus routers have been getting in the past few weeks.
Download firmware: https://www.asus.com/networking-iot...ers/rtac68u/helpdesk_bios/?model2Name=RTAC68U
ASUS RT-AC68U Firmware version 3.0.0.4.386_52048
Version 3.0.0.4.386_52048 99.38 MB 2025/08/19
SHA-256 :40F812B7675953CC49448BEA052443D8A980C3E883F1649D03CC83F398F420F5
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.
Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
Download firmware: https://www.asus.com/networking-iot...ers/rtac68u/helpdesk_bios/?model2Name=RTAC68U
ASUS RT-AC68U Firmware version 3.0.0.4.386_52048
Version 3.0.0.4.386_52048 99.38 MB 2025/08/19
SHA-256 :40F812B7675953CC49448BEA052443D8A980C3E883F1649D03CC83F398F420F5
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.
Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
