Release ASUS ZenWiFi BQ16 Firmware version 3.0.0.6.102_36998

[Dodgydrains]

Version 3.0.0.6.102_36998
63.18 MB
2025/08/08
SHA-256 ：6151AE66806CE60E15E72FFB8A79527E05B4E79B21E0B9B5214D1648AC7D45CD
Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.

Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
- Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

https://dlcdnta.asus.com/pub/ASUS/wireless/ZenWiFi%20BQ16/FW_ZenWiFi_BQ16_300610236998.zip?model=ZenWiFi%20BQ16&Signature=D0I253N7tySU224D2HjtFCDYowgMjUdsvMhTYiTu3O1WEDseKOt9lnz1B95DEjVdEnFVblUk4cdA~V8R7nxfMdnoAagUqx7WPUauI8EIYLqhBML3uT0GmBcSXKJGBr9~Uwf19dZ16nqy~ij91kg1L~d1DXH-3u0hYweGV3jgUs7xUJq3b-D21wZfYqE5XmO6oXZ~fRFneiufXZNpfumZtIiQ3TJFMRJ-5Nb55sUIMJVcU-FZ7bugWTcgXwKFreM8SJmvCc3Qi3aJ5Ei3xYfe~GUECBXfu942EwRGbWHAeQ9YYcP9FObtLdCiDR8JCovSP0nZak4Ur48PF350C0pDyw__&Expires=1754699165&Key-Pair-Id=K2ITB7O97XKKCX

 

[2301]

"Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks"

Which password, Router or WiFi password?

 

[Analog-1]

Router.

 

[garysteel]

Great for updates but not "Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment."

Can I update firmware without a full system reset - its taken ages to get the system running smooth and this throws it all away and remapping icons, identifiying components connected...sheesh...fist time EVER i've thought ... nah cannot be arsed this time??

Anyone updated and not reset and remained fully operational??

 

[2301]

I have already mentioned this elsewhere, the new firmware has several new "features". For example, it does not allow two streams in the same band to have the same SSID, and it has added login exclusive via HTTPS, but the strange certificate they push does not work, at least on Mac.
I spent 4 hours reverting my 3 x XT9 to previous firmware...

 

[Ripshod]

I have already mentioned this elsewhere, the new firmware has several new "features". For example, it does not allow two streams in the same band to have the same SSID, and it has added login exclusive via HTTPS, but the strange certificate they push does not work, at least on Mac.
I spent 4 hours reverting my 3 x XT9 to previous firmware...

Like comparing apples and oranges there. Different hardware.
@garysteel try it. If you have problems either revert or reset.

 

[2301]

The "features" are the same. Reported also from other router model users.

 

[Ripshod]

The "features" are the same. Reported also from other router model users.

Different router, different hardware, different firmware, different use case, different experience.
Just because you had a bad experience with your hardware and use case, you can't just paint everything else with the same brush.
Let the member test.

 

[RMerlin]

Can I update firmware without a full system reset - its taken ages to get the system running smooth and this throws it all away and remapping icons, identifiying components connected...sheesh...fist time EVER i've thought ... nah cannot be arsed this time??

As per the line you quoted, it's "recommended", not "required".

You can achive most of the same results by manually applying the new security changes as they are listed in the changelog: make sure you use a strong password, disable UPnP, etc...

 

[Dodgydrains]

I dirty flashed over the previous FW without any issues for my use case. Very stable for my use case since I first purchased these units.

Now just waiting patiently for some Merlin love for the BQ16.

 

[garysteel]

I've took the plunge and installed without doing a reset ... all good except opening up router interface i now get stuff about certificates and download and install but he lnk on the ASUS page saying download certificate - is a blank file so no luck

Nahh...reverted to prior firmware--BQ16 started clocking excessive connections on my connected QNAP - and don't have time to fault find

 

[radiomyke]

I was busy over the weekend so didn't opt for downloading the new FW. I was going to install today on my (UK) BQ16 pair which have been operating flawlessly almost from day 1. I do, however, have some problems occasionally with my Sonos system and Sky Q boxes when, for example, after a power cut some of those devices fail to reconnect and it can be a real pain getting them to do so. I wasn't too happy about having to do a factory reset as per the recommendation from Asus though after @RMerlin popped by with his comments I was going to go ahead. However reading @garysteel post, I've decided not to bother for the time being.