[Release] Asuswrt-Merlin 384.11 is available

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Asuswrt-Merlin dev
Hi Merlin,

Asus recently released a couple of security updates for the RT-AC87U in May 2019 - Version
  • Fixed DDoS vulnerability.
  • - Fixed AiCloud vulnerability. Thanks for Matt Cundari's contribution.
  • - Fixed command injection vulnerability. Thanks for S1mba Lu's contribution.
  • - Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga's contribution.
  • - Fixed CVE-2018-20334
  • - Fixed CVE-2018-20336
  • - Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
  • - Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Would most of these security issues be already fixed in 384.11_2 which I currently use
I don't know since there are no details as to the exact issues that are resolved, so it's possible that some of these might either be already fixed, or not apply to my firmware. However they are certainly included in 384.12, which is based on the latest 384 code (released at the same time as 382_5163x).


Asuswrt-Merlin dev
I ran across something when testing DNS over TLS that might be of interest. I had quad9 set as my DNS for TLS. However using a DNS Leak Tester (e.g. http://dnsleak.com/ or https://dnsleaktest.com/ ) I got
  • DNS IP:
  • Hostname: res300.mad.rrdns.pch.net
  • ISP: WoodyNet
  • Country: United States
(where the 300 could be 100, 200)

As where the DNS queries go to. This initially looked very odd. However it turns out that Quad9 is an anycast DNS, which routes queries to the nearest server. Quad9 uses PCH (Packet Clearing House) to host DNS servers. PCH’s Director is Bill Woodcock aka Woody. So in summary, odd but okay...
pch.net = Quad9.


Regular Contributor
RT-AX88U with V384.11_2 Final has been up for over 23 days straight, and still running strong, with over 30 devices attached, downloads, streaming, etc., all working as expected.

Thanks RMerlin!!

23 Days Uptime - no issues - ASUS Merlin 384.11_2 for RT-AX88U - 06132019.JPG


Occasional Visitor
Which VPN server/client?

Have you checked that the RPDB rule and iptables nat rule are still in place?
ip rule

iptables --line -t nat -nvL POSTROUTING
this is the output

@RT-AC86U-8DB8:/tmp/home/root# ip rule

0:    from all lookup local

10001:    from lookup main

10002:    from lookup main

10003:    from lookup main

10004:    from lookup main

10005:    from lookup main

10006:    from lookup main

10007:    from lookup main

10008:    from lookup main

10009:    from lookup main

10010:    from lookup main

10101:    from lookup ovpnc1

10102:    from lookup ovpnc1

32766:    from all lookup main

32767:    from all lookup default
@RT-AC86U-8DB8:/tmp/home/root# iptables --line -t nat -nvL POSTROUTING

Chain POSTROUTING (policy ACCEPT 97964 packets, 7449K bytes)

num   pkts bytes target     prot opt in     out     source               destination        

1    97921 9617K MASQUERADE  all  --  *      tun11          

2        4   256 MASQUERADE  all  --  *      tun1+          

3        0     0 ACCEPT     all  --  *      *            policy match dir out pol ipsec

4    58901 3848K PUPNP      all  --  *      ppp0            

5    53352 3460K MASQUERADE  all  --  *      ppp0   !213.xx.xx.xx          

6        0     0 MASQUERADE  all  --  *      eth0   !          

7     2803  366K MASQUERADE  all  --  *      br0
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!