What's new

ASUS RT-N66U Firmware version 3.0.0.4.382.50470

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

hfm

Occasional Visitor
The three CVE's have not yet been disclosed in the MITRE db as of yet..
https://www.asus.com/us/Networking/RTN66U/HelpDesk_Download/

- Support multi-language (UTF-8) network name
(Windows XP and Windows 7 do not support UTF-8 format SSID. These two OS may see gibberish if using multi-language SSID.)
- Improved system stability.
- Fixed XSS vulnerability. Thanks to Yonghui Han of Fortinet's FortiGuard Labs.
- Fixed CVE-2018-8877, CVE-2018-8878, CVE-2018-8879
- Fixed plain text password vulnerability in lighttpd.
- Fixed AiCloud cannot login issue.
- Modified Quick Internet Setup wizard process.
- Main SSID and guest network can hide independently.
 
I have the information regarding these three CVEs. Only one is critical, the two others are less critical information disclosure.

The most critical of these was already fixed for models running firmware newer than 384_20308 (can't remember which corresponding 382_xxxx introduced the fix).
 
  • Like
Reactions: hfm
Just flashed this. Reset, flash, reset, setup from scratch in Web GUI.

I enabled access over https (LAN only), but it seems veery slow with loading the web gui. It most often times out, "192.168.1.1 took too long to respond".

Are others experiencing this?
 
Last edited:
Just flashed this. Reset, flash, reset, setup from scratch in Web GUI.

I enabled access over https (LAN only), but it seems veery slow with loading the web gui. It most often times out, "192.168.1.1 took too long to respond".

Are others experiencing this?

Just flashed it too, and web gui is working ok. What browser are you using? For me Firefox has been working best for web gui at least in Linux. Try clearing cookies and site data from your browser for 192.168.1.1.
 
It's a good practice to dump your browser cache when you update the firmware. I've had problems where the UI just didn't plain work at all until I dumped cache.
 
When it first happened in Chrome, I tested using incognito mode in both Edge and Chrome. It still did not load.
I usually do hard refresh when something seems broken. Did not help this time.
 
Would this release from ASUS be a "step up" from Merlin's final 380.70 release for the N66U, given that it's the first 382 release for this router? I understand that Merlin backported many features and fixes from 382 over time, but it still has me wondering. Thanks for your thoughts.
 
Would this release from ASUS be a "step up" from Merlin's final 380.70 release for the N66U, given that it's the first 382 release for this router? I understand that Merlin backported many features and fixes from 382 over time, but it still has me wondering. Thanks for your thoughts.

I would like to know this as well.


I have the information regarding these three CVEs. Only one is critical, the two others are less critical information disclosure.

RMerlin, do you maybe have any final thoughts on this?

Thanks.
 
RMerlin, do you maybe have any final thoughts on this?

I won't provide any public disclosure of the details unless the CVE themselves become public, sorry.
 
I won't provide any public disclosure of the details unless the CVE themselves become public, sorry.

I think you misunderstood. I shouldn't have quoted your own words. My bad.
What I meant was do you have any final thoughts on what dave14305 posted?
 
I think you misunderstood. I shouldn't have quoted your own words. My bad.
What I meant was do you have any final thoughts on what dave14305 posted?

Depends on your needs. It's a step up security-wise, but a step-back feature-wise.
 
I decided to try it out myself and reverted to the ASUS version. Definitely missing some features from Merlin, but trusting I have the best availabile security posture for this aged router.

I’m tempted by john’s latest version, and tempted more by just buying an AC router and being back in the Merlin mainstream.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top