Release ASUS RT-AX88U Firmware version 3.0.0.4.388.20558 (2022/09/21)

LimJK

Very Senior Member
Version 3.0.0.4.388.20558
2022/09/21 64.28 MBytes

ASUS RT-AX88U Firmware version 3.0.0.4.388.20558

Bug fixes
  • Fixed port status UI bugs
  • Modified WireGuard VPN server default setting to fix iOS WireGuard app connection issues. If you have iOS connection issues on the previous version (3.0.0.4.388.20518), please upgrade to this version and reset the router.
  • Fixed VPN fusion connection issues with Surfshark WireGuard profile.
  • Improved the AiMesh stability.
Security
  • Fixed HTTP response splitting vulnerability. Thanks to Efstratios Chatzoglou, University of the Aegean.
  • Fixed status page HTML vulnerability. Thanks to David Ward.
  • Fixed CVE-2018-1160. Thanks to Steven Sroba.
  • Fixed cfg_server security issue.
  • Fixed CVE-2011-0719, CVE-2012-2812, CVE-2012-2836, CVE-2012-2837, CVE-2012-2841, CVE-2012-3868, CVE-2013-0172, CVE-2013-4124, CVE-2014-3493, CVE-2015-0240, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118, CVE-2016-4425, CVE-2016-6328, CVE-2016-10196, CVE-2018-5743, CVE-2018-13305, CVE-2018-15822, CVE-2018-20030, CVE-2018-1999012, CVE-2019-9278, CVE-2019-17498, CVE-2020-0093, CVE-2020-0182, CVE-2020-12767, CVE-2020-13112, CVE-2020-13113, CVE-2020-13114, CVE-2020-13904, CVE-2020-14323, CVE-2020-20450, CVE-2020-20451, CVE-2020-20891, CVE-2020-20892, CVE-2020-20896, CVE-2020-20898, CVE-2020-21041, CVE-2020-21688, CVE-2020-21697, CVE-2020-22016, CVE-2020-22017, CVE-2020-22020, CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026, CVE-2020-22027, CVE-2020-22028, CVE-2020-22030, CVE-2020-22031, CVE-2020-22032, CVE-2020-22036, CVE-2020-22038, CVE-2020-22039, CVE-2020-22040, CVE-2020-22041, CVE-2020-22042, CVE-2020-22043, CVE-2020-22044, CVE-2020-22046, CVE-2020-22048, CVE-2020-22049, CVE-2020-22051, CVE-2020-22054, CVE-2020-23906, CVE-2022-35401, CVE-2021-38090, CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2021-38114, CVE-2021-38171.

https://dlcdnets.asus.com/pub/ASUS/wireless/RT-AX88U/FW_RT_AX88U_300438820558.zip

Please unzip the firmware file first then check the MD5 code.
MD5: de21b9c46cb0b1873ba33d965f47cedf
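
The unzip-then-check step from the post above, as an added example that is not part of the original post or of ASUS's tooling: it hashes each file inside the downloaded ZIP and compares the result with the MD5 published in the post. The sample archive and the member name `FW_SAMPLE.w` are constructed stand-ins so the code runs offline.

```python
import hashlib
import hmac
import io
import zipfile

# MD5 published in the release post for the unzipped firmware image.
PUBLISHED_MD5 = "de21b9c46cb0b1873ba33d965f47cedf"


def md5_of_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so a 64 MB image is never fully in memory."""
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def check_firmware_zip(zip_file, expected_md5=PUBLISHED_MD5):
    """Return (matching_member_or_None, {member: md5}) for a firmware ZIP.

    zip_file is a path or a binary file object. Members are hashed straight
    from the archive, which is the "unzip first, then check" step of the post.
    """
    expected = expected_md5.strip().lower()
    digests = {}
    with zipfile.ZipFile(zip_file) as archive:
        bad = archive.testzip()  # CRC check of every member; None means all good
        if bad is not None:
            raise ValueError(f"corrupt archive member: {bad}")
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                digests[info.filename] = md5_of_stream(member)
    match = next((name for name, d in digests.items()
                  if hmac.compare_digest(d, expected)), None)
    return match, digests


def build_sample_zip(payload, name="FW_SAMPLE.w"):
    """Constructed stand-in for the download, so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(name, payload)
        archive.writestr("readme.txt", b"constructed sample, not ASUS content")
    buf.seek(0)
    return buf
```

With the real download, `check_firmware_zip("FW_RT_AX88U_300438820558.zip")` returns the name of the member whose MD5 equals the published value, or `None` if no file in the archive matches.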
 

OzarkEdge

Part of the Furniture

Holy Moly! And back to 2011! Did they really fix anything or just start using a new component that is not vulnerable, I wonder.

OE
 

RMerlin

Asuswrt-Merlin dev
> Holy Moly! And back to 2011! Did they really fix anything or just start using a new component that is not vulnerable, I wonder.
If you look them up, the vast majority of these are from ffmpeg.
 

Mister2088

Occasional Visitor
@RMerlin Is this coming to an asus-merlin release in the near future? Are any of these CVEs part of 386.8?
 

RMerlin

Asuswrt-Merlin dev
> @RMerlin Is this coming to an asus-merlin release in the near future? Are any of these CVEs part of 386.8?
I don't have any immediate plans for a new release. I don't know which of these are affecting me (I don't feel like reviewing 30 different CVEs), but the fact they are mostly tied to ffmpeg indicates that most of these are probably non-issues. ffmpeg is only used with the Media Server, and it only uses it for thumbnail generation, so I suspect most of these cannot be exploited in a router. I.e. there's no ffmpeg executable, only the library that gets used by minidlna.
 

SomeWhereOverTheRainBow

Part of the Furniture
> I don't have any immediate plans for a new release. I don't know which of these are affecting me (I don't feel like reviewing 30 different CVEs), but the fact they are mostly tied to ffmpeg indicates that most of these are probably non-issues. ffmpeg is only used with the Media Server, and it only uses it for thumbnail generation, so I suspect most of these cannot be exploited in a router. I.e. there's no ffmpeg executable, only the library that gets used by minidlna.
I know how worried you must have been when you saw that ffmpeg was a potential concern....
 
