Release ASUS RT-AX86U Pro Firmware version 3.0.0.6.102_34406 2025/10/28

[bbunge]

Version 3.0.0.6.102_34406

58.21 MB

2025/10/28

SHA-256 ：A96AD6D8E21F44591E7285984F8A25655DE8492C5E435D5803E1574B9CB3C4D7

- Enhanced system stability.
- Enhanced input validation and refactored legacy string handling routines to ensure robust memory management.
- Mitigated security risks in AiCloud service by enforcing strict credential verification, implementing robust file path validation, and hardening command execution logic to prevent unauthorized access and manipulation of system resources.
- Implemented comprehensive validation and expanded command filtering in the web history API.
- Strengthened input validation and directory handling in the VPN configuration upload interface.
- Fixed an issue that allowed certain user settings to be bypassed, improving overall user control and protection.

(Having problems with the download link)
Asus support page: https://www.asus.com/us/networking-...86u-pro/helpdesk_bios?model2Name=RT-AX86U-Pro

 

[jksmurf]

Well there you go… here it is. just had to be patient.

 

[bbunge]

Tried to upgrade the node. Got a firmware upgrade unsuccessful. :-(

Edit: for some reason my Mac had problems unzipping the file. Trying again with the node.

All is well. Router and AiMesh node upgraded! Am surprised that there was no recommendation to factory reset and use a 10 digit password.

 

[bennor]

Funny just checked half an hour or so ago and no update. Anyway, direct link to the firmware, copy and paste it into your browser.

https://dlcdnets.asus.com/pub/ASUS/wireless/RT-AX86U%20Pro/FW_RT_AX86U_Pro_300610234406.zip

 

[Justinh]

Hmm ... why no warning to do a firmware reset?

 

[SteverinoLA]

I had to change the %20 to a space for the download to work.

 

[Intrepid]

This link works to the download page:

RT-AX86U Pro｜WiFi Routers｜ASUS USA

AX5700 Dual Band WiFi 6 Gaming Router, Mobile Game Mode, AiProtection Pro, WPA3, Parental Control, Mesh WiFi support, 2.5G Port, Gaming Port, Adaptive QoS, Port Forwarding

www.asus.com

 

[DarkKnight75]

Finally..updated..all good!

 

[Smedley]

Aren't we still missing the updates from the last round?


Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defense against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
- Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

 

[bbunge]

Aren't we still missing the updates from the last round?


Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defense against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
- Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

Do not think many will miss the 10 character password.

 

[colossus]

Successful using Web-GUI Administration | Firmware Upgrade feature.

 

[bennor]

Hmm ... why no warning to do a firmware reset?

Aren't we still missing the updates from the last round?
<snip>

Similar observation was made earlier yesterday to the ASUS ROG Rapture GT-AXE16000 Firmware version 3.0.0.6.102_36422 (2025/10/28). One suggestion in a later post in that discussion was try changing the router password to see if it forces the new 10 character requirement. Or perform a reset and see if the new password requirement is forced on QiS setup.

Also wondered the same yesterday in the RT-AX86U Pro abandoned thread prior to this firmware release if the August/September fixes other routers received would be included. Asus release notes tend to be a bit vague leaving one to scratch their heads wondering if fixes other routers received were included in this router's firmware.

 

[fruitcornbread]

Also wondered the same yesterday in the RT-AX86U Pro abandoned thread prior to this firmware release if the August/September fixes other routers received would be included. Asus release notes tend to be a bit vague leaving one to scratch their heads wondering if fixes other routers received were included in this router's firmware.

Practically every router that didn't have the initial August firmware and just received the October firmware are in the same situation. On an unrelated note, the only router I found that made mention of August patch notes is RT-AX1800S V2 and RT-AX57M with FW 3.0.0.4.388_33965, but they use Mediatek SoC and it's still missing some parts of the patch notes like the following:
From October patch notes missing

- Mitigated security risks in AiCloud service by enforcing strict credential verification, implementing robust file path validation, and hardening command execution logic to prevent unauthorized access and manipulation of system resources.

From August patch notes missing:

- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

However, it could be because it doesn't have AiCloud.

 

[bbunge]

To answer the $64,000 question: YES! If you factory reset the router you will be required to use a 10 character password.
And you do not want to hear of my experience doing this. I am very glad I had another AX86U Pro (used as an AiMesh node) that I could use after the original router borked.
This new firmware seems to be slower on setup detecting a WAN connection and the 5 GHz clearing DFS is really s l o w.

 

[bennor]

To answer the $64,000 question: YES! If you factory reset the router you will be required to use a 10 character password.

Can confirm. Flashed this stock Asus firmware over Asus-Merlin 3006.102.5, went to change the existing router password, password screen indicated new 10 character requirement (see attached image). Note didn't change the password. Performed a hard factory reset on this stock Asus firmware and was presented with the 10 character requirement during the QIS setup (see attached image).

 

[NoLight]

To answer the $64,000 question: YES! If you factory reset the router you will be required to use a 10 character password.
And you do not want to hear of my experience doing this. I am very glad I had another AX86U Pro (used as an AiMesh node) that I could use after the original router borked.
This new firmware seems to be slower on setup detecting a WAN connection and the 5 GHz clearing DFS is really s l o w.

Borked as in bricked?

 

[NoLight]

Dirty flash on my mesh node and then router. 16hr uptime so far and running just like it was before.

Takes 1m50s to boot up and get a WAN connection on the 2.5gb port with my ISP that uses a VLAN tag in the 802.1Q section.

I'll do a factory reset later this week.

 

[AStaUK]

Did a factory reset via the UI followed by the WPS method, QiS required 10+ char password and uPnP was indeed disabled. Otherwise all working fine as far as I can tell so far.

 

[bbunge]

Borked as in bricked?

No, but it was acting funny. After a factory reset trying to set it up as a new router it would not recognize the WAN connection. I went ahead with a manual WAN connection, set the SSID and passphrase, user name and 10 digit password and it logged in but would not connect the WAN connected to the ONT. Another factory reset with the same results. Also had problems setting the LAN DHCP starting address. Flashed the prior firmware and bang, the WAN connected! Factory reset the 102.34349 and tried to restore a config file, which did not work and reset again and manually configure but the router was acting wonky. The girls were crying for internet access so I grabbed the former mesh node and set it up as the router. It had 102.34406 on it but had not factory reset when I removed it from the AiMesh. Did a hard factory reset and was able to do a manual config and back in operation. Hard factory reset the other AX86U Pro and was able to add it as an AiMesh node. Upgraded its firmware to 102.34406 via the router GUI.
Not sure why the node did not reset when removed from the mesh or why I had config issues with the router. Could blame it on operator error or the cloudy day or that something did not fully complete in the upgrade from 102.34349. Was not an "old" configuration as I had tested Merlin, again, over the weekend and had gone back to 102.34349 just two day ago and most settings were still at default.
All is well for now and I'll not bother to move the newer unit to the router spot as I'm fed up with configuring routers for a few days. Need a break to watch an old favorite movie with a cup of tea and then read a book till I fall asleep...

Oh, sorry, you did get the whole story...

 

[Justinh]

Can't have consecutive same characters? Dumb. 3 or 4 in a row I understand, but not 2.