Firmware Update for AX86U (8-31-2021)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Ameenhuus

Occasional Visitor
ASUS RT-AX86 Series(RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.386.45375
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.

Please unzip the firmware file first then check the MD5 code.
MD5: 97009cd613c92155e69fe476a7fc22d6
 

jsbeddow

Senior Member
ASUS RT-AX86 Series(RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.386.45375
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.

Please unzip the firmware file first then check the MD5 code.
MD5: 97009cd613c92155e69fe476a7fc22d6
Wow, that's quite a list of CVEs, perhaps a new record (without checking, or knowing how serious they are).
 

jsbeddow

Senior Member

AntonK

Very Senior Member
New ASUS firmware out today for AX86U - 3.0.0.4.386.45375

Version 3.0.0.4.386.45375

2021/08/31 74.93 MBytes

ASUS RT-AX86 Series(RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.386.45375
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
 

bbunge

Part of the Furniture
The version list fails to mention that DoT and DNS Filter are included in this release. This is a big plus and a feather in Merlin's bonnet as Asus used his code!
Thanks Eric!!!
There are more changes coming for the AX series. One is Wireguard.
 

SoCalReviews

Very Senior Member
@bbunge Wiregaurd VPN sounds intriguing. :D

I am wondering what ever happened to that past reported channel extension coming to the 5Ghz band.
 
Last edited:

kernol

Very Senior Member
The version list fails to mention that DoT and DNS Filter are included in this release. This is a big plus and a feather in Merlin's bonnet as Asus used his code!
Thanks Eric!!!
There are more changes coming for the AX series. One is Wireguard.
Any idea why there are frequent ASUS acknowledgments of contributions for patches etc from others but NEVER [that I have seen] from their greatest individual improvements contributor ... @RMerlin ???
 

SoCalReviews

Very Senior Member
They have given him credit. I remember seeing Asus reference RMerlin in previous firmware updates for Asus AC routers.
 

RMerlin

Asuswrt-Merlin dev
Any idea why there are frequent ASUS acknowledgments of contributions for patches etc from others but NEVER [that I have seen] from their greatest individual improvements contributor ... @RMerlin ???
They did it early on. Over time they probably just figured it was pointless to mention it every time it occurred. And I'm fine with that.
 

torstein

Regular Contributor
Wireguard sounds intriguing! Anyone here planning on switching to it from OpenVPN?
 

BreakingDad

Very Senior Member
They did it early on. Over time they probably just figured it was pointless to mention it every time it occurred. And I'm fine with that.
Do Asus pay you for your code? Just wondering.
 

tallytr

Senior Member
With this new firmware I am seeing:
dnsmasq-dhcp[1366]: DHCPACK(br0) ... lines in my System log....

not concerned, just not sure what it means....
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top