ASUS RTAX6000 (88U) Stock vs Merlin 386 security fix question @Merlin


Agoldstein54

Occasional Visitor
Hi Merlin, quick question about your firmware versus the stock ASUS firmware, specifically for the AX 6000 (RT AX 88U), regarding security fixes:

On the ASUS website for the 88U (RT-AX88U|WiFi 6|ASUS USA), there have been several firmware updates within the last few months that address different security issues with the stock firmware. I noticed in the changelog for 386.3 (not released yet) that you have made changes to prevent the frag attacks, which are mentioned in the most recent stock firmware from ASUS, so I won't list them again below; but I was wondering if you addressed the other issues listed under the 88U, copied below from the ASUS website:

"ASUS RT-AX88U Firmware version 3.0.0.4.386.42819
1. Fix VPN GUI issues.
2. Fix WAN connection issues. Special thanks to Yulei Zhang's contribution.
3. Fix AiMesh related bugs.
4. Minor GUI issue fixes.
5. Upgrade dropbear to version 2020.81
6. Fix buffer overflow vulnerability
7. Fix slowloris denial of service attack.
8. Fix authentication bypass vulnerability."


"ASUS RT-AX88U Firmware version 3.0.0.4.386.42095
- Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
- Added more icons to the client list
- Improved connection stability
- Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution."

Please advise, big fan of the firmware, thanks for all the hard work!
 

RMerlin

Asuswrt-Merlin dev
42095 was already merged with 386.2_0, as well as the slowloris fix. No idea what the other fixes are, so I don't even know if my firmware was susceptible to these or not - the changelog provides zero info as to what these issues are.
 
