ASUS RTAX6000 (88U) Stock vs Merlin 386 security fix question @Merlin


Occasional Visitor
Hi merlin, quick question about your firmware versus the stock asus firmware specifically for the AX 6000 (RT AX 88U) regarding security fixes:

On the asus website for the 88u (RT-AX88U|WiFi 6|ASUS USA), there have been several firmware updates within the last few months that address different security issues with the stock firmware. I noticed in the changelog for 386.3 (not released yet) that you have made changes to prevent the frag attacks which are mentioned in the most recent stock firmware from asus so wont lis again below; but was wondering if you addressed the other issues listed under the 88U copied below from Asus website

"ASUS RT-AX88U Firmware version
1. Fix VPN GUI issues.
2. Fix WAN connection issues. Special thanks to Yulei Zhang's contribution.
3. Fix AiMesh related bugs.
4. Minor GUI issue fixes.
5. Upgrade dropbear to version 2020.81
6. Fix buffer overflow vulnerability
7. Fix slowloris denial of service attack.
8. Fix authentication bypass vulnerability."

"ASUS RT-AX88U Firmware version
- Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
- Added more icons to the client list
- Improved connection stability
- Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution."

Please advise, big fan of the firmware, thanks for all the hard work!


Asuswrt-Merlin dev
42095 was already merged with 386.2_0, as well as the slowloris fix. No idea what the other fixes are, so I don't even know if my firmware was susceptible to these or not - the changelog provides zero info as to what these issues are.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!