Release ASUS RT-AC68U Firmware version 3.0.0.4.386_52048 (2025/08/19)

[bennor]

The venerable old end of support RT-AC68U gets another firmware release. This release has similar security updates and suggested router reset after firmware update that other Asus routers have been getting in the past few weeks.

Download firmware: https://www.asus.com/networking-iot...ers/rtac68u/helpdesk_bios/?model2Name=RTAC68U

ASUS RT-AC68U Firmware version 3.0.0.4.386_52048
Version 3.0.0.4.386_52048 99.38 MB 2025/08/19
SHA-256 ：40F812B7675953CC49448BEA052443D8A980C3E883F1649D03CC83F398F420F5

Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.

Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.

Update: Download link that was posted below.

Here's the download link to the firmware:

https://dlcdnets.asus.com/pub/ASUS/wireless/RT-AC68U/FW_RT_AC68U_300438652048.zip?model=RT-AC68U

ZIP SHA-256 : 40F812B7675953CC49448BEA052443D8A980C3E883F1649D03CC83F398F420F5
FW SHA-256 : 49ba7b100a6b2ff1f6d4e2b38ccd17e5c187763fe267f5208b716dce60ba20d2

 

[John Adler]

just finished the flash
thxs

 

[visortgw]

Never say never!

This must be a major security change for Asus to bother updating post-EOL!

 

[fruitcornbread]

It lives! I didn't expect AC routers to also get the update.

 

[John Fitzgerald]

WENT TO DOWNLOAD ANNND!

 

[bennor]

Note the update on the router login password policy if setting up the router anew or changing the login password:

Password must contain at least 10 characters in length, including 1 letter, 1 special character, and 1 numeric character. Shall not have consecutive identical characters. Login username and password shall not be the same.

 

[bennor]

WENT TO DOWNLOAD ANNND!

The link in OP and the download link on that page worked for me just now.

 

[John Fitzgerald]

The link in OP and the download link on that page worked for me just now.

Just tried again x3 and got the same. Tried The RTAC5300 and while slow to retrieve the web page did load, no update for that model.

Using new Firefox v142.

EDIT: just came up, page loaded but incomplete, driver & tool side loaded but firmware did not, then after a refresh and looong wait the firmware side populated.

 

[wouterv]

Note the update on the router login password policy if setting up the router anew or changing the login password:

Password must contain at least 10 characters in length, including 1 letter, 1 special character, and 1 numeric character. Shall not have consecutive identical characters. Login username and password shall not be the same.

Mind they recommend performing a factory-default reset after the firmware upgrade, so you will run into the new password policy anyway.
And factory-default reset means it MUST be followed by manual configuration the router (not loading an old configuration backup).
As recommended since ages: write down your changes from factory default to be able to manual restore your settings.

Here an example of my configuration notes after the upgrade to this latest firmware:

RT-AC68U
Wireless Router

2.4 GHz Network Name: aaa
Network Key: bbb
5 GHz Network Name: ccc
Network Key: ddd

Advanced Settings - Wireless - General - 2.4 GHz
Channel bandwidth: 20 MHz
Control Channel: 6

Advanced Settings - Wireless - WPS
Enable WPS: OFF

Advanced Settings - Wireless - Professional - 2.4 GHz
Modulation Scheme: Up to MCS 7 (802.11n)
Airtime Fairness: Disable
Explicit Beamforming: Disable
Universal Beamforming: Disable

Advanced Settings - Wireless - Professional - 5 GHz
Airtime Fairness: Disable
Universal Beamforming: Disable

Advanced Settings - LAN - LAN IP
Host Name: eee
IP Address: 192.168.1.1

Advanced Settings - LAN - DHCP Server
IP Pool Starting Address: 192.168.1.3 (this is because the Media Bridge is set to fixed IP address 192.168.1.2)
Manual Assignment
mac - 192.168.1.10 - fff

Advanced Settings - Administration - System
USB Mode: USB 2.0
Time Zone: (GMT+1:00) Amsterdam, Berlin, Bern
DST time zone changes starts: month = 3, weekday = 5th Sun, 2 hours
DST time zone changes ends: month = 10, weekday = 5th Sun, 3 hours

USB application - Servers Center - Media Server
Enable UPnP Media Server: OFF

 

[John Fitzgerald]

Mind they recommend performing a factory-default reset after the firmware upgrade, so you will run into the new password policy anyway.
And factory-default reset means it MUST be followed by manual configuration the router (not loading an old configuration backup).

Change the password before you flash.

 

[bennor]

Mind they recommend performing a factory-default reset after the firmware upgrade, so you will run into the new password policy anyway.

Not everyone will follow Asus's recommendation to reset the router to apply the new security updates so they may not run into the new password policy during the QIS setup post router reset. They will see that login password notice if they try to change their router's password on the Administration > System > Router Login Password > Edit section post update to 3.0.0.4.386_52048.

 

[fruitcornbread]

Here's the download link to the firmware:

https://dlcdnets.asus.com/pub/ASUS/wireless/RT-AC68U/FW_RT_AC68U_300438652048.zip?model=RT-AC68U

ZIP SHA-256 : 40F812B7675953CC49448BEA052443D8A980C3E883F1649D03CC83F398F420F5
FW SHA-256 : 49ba7b100a6b2ff1f6d4e2b38ccd17e5c187763fe267f5208b716dce60ba20d2

 

[Justinh]

"Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment."

So what happens to the masses that use auto-update?

 

[visortgw]

"Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment."

So what happens to the masses that use auto-update?

The masses can factory reset when and IF they wish following the auto update.

 

[wouterv]

Both my RT-AC68U Router and RT-AC1900U Media Bridge upgraded to 52048.
After reverting to factory defaults I noticed the RT-AC68U and RT-AC1900U start with a different setup Wizard layout: the RT-AC68U presents something with a QR code, the RT-AC900U presents the old school wizard layout.
Anyway, both are back in service after manual configuration.
One new thing I noticed is the System Log showing like:

Aug 21 10:34:02 HTTPD: [LOGIN][http][Web] success (192.168.1.20)

As the date, time and IP address of the last client that logged in to the router.

 

[bennor]

"Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment."

So what happens to the masses that use auto-update?

Someone who has auto update enabled will have to respond to let others know if after the auto update the GUI (upon accessing it) informs the user that it is strongly recommended they perform a factory default reset. In any event making note of it in this discussion, readers who have auto update enabled are being informed that a factory default reset is strongly recommended by Asus after updating to this firmware version. Up to them if they choose to do so after reading the notification(s) in this discussion.

 

[bbunge]

I find the forced change of password requirements to be very annoying and troublesome. This requirement is in all the newer Asus firmware and even Merlin which is one reason I went back to the current Asus firmware for my router.

This forced password change does absolutely nothing to improve security of the router and, in fact, will prompt some users to not upgrade their firmware which will, in time, become a security risk. Thanks Asus...

Just my $0.02.

 

[John Fitzgerald]

I find the forced change of password requirements to be very annoying and troublesome. This requirement is in all the newer Asus firmware and even Merlin which is one reason I went back to the current Asus firmware for my router.

This forced password change does absolutely nothing to improve security of the router and, in fact, will prompt some users to not upgrade their firmware which will, in time, become a security risk. Thanks Asus...

Just my $0.02.

I don’t disagree but I did change mine before the flash so I could avoid the potential of being locked out upon rebooting. Or being forced to reset.
UPnP was already off, I don’t have/use AiCloud so that’s off and AiProtection also was never used on this model.
I can’t see why a reset would be necessary in my case.
The other items in the log change I would think would be sorted on their own, I could be wrong.

 

[wouterv]

Why discussing the need for reverting to factory defaults and manual configure the router again after ASUS strongly recommend this?
It is ok you don't do it, but the recommendation of ASUS stays, and for every issue that is reported after the upgrade without factory defaults will result in the advise to revert to factory defaults and manual configure the router.
The password policy is quite common these days and cannot be a big issue for the few times you need to login to the router GUI.

 

[RMerlin]

This forced password change

There's no forced change. Existing passwords are still working.