Beta RT-AC68U 9.0.0.4.386.41994 Beta Version

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

bbunge

Very Senior Member
ASUS RT-AC68U Firmware version 9.0.0.4.386.41994 (Beta Version)
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

 
P

podkaracz

Guest
FYI: The MD5 hash code does not match what is shown on the website and the extracted firmware file.

https://www.snbforums.com/threads/a...imesh-2-0-continued.69274/page-14#post-658258

Also, I linked each of CVE Security Vulnerabilities so you can read their description.

https://www.snbforums.com/threads/a...imesh-2-0-continued.69274/page-13#post-658105

I wanted to test if those @ASUSWRT_2020 files were matching with file on asus download page even tho i dont have that router model and it did but the hash on asus web page is not matching. Weird stuff and should be fixed as its important to have those hases cleaned up...
 

Objects in Space

Occasional Visitor
Regarding the hash code not matching is very concerning since this beta is to address security vulnerabilities.

Did ASUS upload the wrong file or the wrong hash code or both?
 
P

podkaracz

Guest
Regarding the hash code not matching is very concerning since this beta is to address security vulnerabilities.

Did ASUS upload the wrong file or the wrong hash code or both?

My bet goes on wrong hash code on website because the hash of google drive files is exact same as the ones that are uploaded on asus download website its just wrong description. But thats my speculation.
 

bbunge

Very Senior Member
Just ran this beta over 386.41634 with no apparent ill effects. This was on a "test" router with a fresh clean install of 386.41634 and minimally configured.

As for other fixes we only know what Asus told us on their web site about the security fixes. I plan to run this beta on other remote routers tonight. I do not expect problems.
 

ForkWNY

Regular Contributor
Does anyone know if the only changes to this beta are the emergency fixes for the DNSmasq security vulnerabilities?

There are under-the-hood changes beyond just the DNSmasq security fixes. Some have reported better stability/performance, some have reported additional issues cropping up, not unusual for a beta.

For me personally, I've run into stability issues with the web UI on the GT-AC5300 as the main AP/router, w/AiMesh nodes (I use 68U's as mesh nodes). The AiMesh nodes seem to be the root of the issue...when they're gone (either removed or powered off), I don't have stability issues at all. I did a factory reset when I installed 386_41994, wiped/initialized all settings and logs, reconfigured from scratch. Definitely have noticed some stability problems and reported through the admin web feedback page to ASUS. Others haven't had any issues. It's a roll of the dice with a beta.
 
Last edited:

Objects in Space

Occasional Visitor
Thanks for the replies. I am surprised that ASUS did not release a new production release to fix the DNSmasq security vulnerabilities based on the most recent AC68U 3.0.0.4.386.41634 release.

I understand adding the security fixes to the current betas which appear to have other code modifications for testing new enhancements.

However, since these DNSmasq security vulnerabilities are marked high per my research, then ASUS should proceed with a production release ASAP based off the 3.0.0.4.386.41634 code.
 

ForkWNY

Regular Contributor
Chances are they cranked out some newer builds before the DNSmasq security vulnerabilities got onto their radar, so they made other changes and then patched up DNSmasq. Just speculating but that's my best guess. I have some other systems that were patched for DNSmasq vulnerabilities via standard security fixes.
 

Objects in Space

Occasional Visitor
ASUS has released the AC68U Beta Version on their product support website for my model and the same beta firmware is used in the other thread for testing betas.

My point was I expected ASUS to release a production version to patch these high security vulnerabilities. Not release a public beta which includes other modifications that is still being tested to resolve the security fixes. :)
 

L&LD

Part of the Furniture
I don't see how else they can, 1. protect their customers in a timely manner and 2. without fully testing a solution first, do otherwise.
 

Objects in Space

Occasional Visitor
Chances are they cranked out some newer builds before the DNSmasq security vulnerabilities got onto their radar, so they made other changes and then patched up DNSmasq. Just speculating but that's my best guess. I have some other systems that were patched for DNSmasq vulnerabilities via standard security fixes.
Do you remember what model numbers received the production DNSmasq security fixes?

Does ASUS rollout the changes starting with top-of-line routers and work their way down or does it appear random what models will rollout next?
 

Objects in Space

Occasional Visitor
I don't see how else they can, 1. protect their customers in a timely manner and 2. without fully testing a solution first, do otherwise.
I am accustom to high and critical patches are tested internally by a company and then production release as I have seen in Windows and Apple iOS without customer betas.
 

L&LD

Part of the Furniture
You mean without more public-facing betas. :)

They're still done.

And Asus giving you the choice to possibly be more secure isn't a bad thing either.
 

bluzfanmr1

Senior Member
I am accustom to high and critical patches are tested internally by a company and then production release as I have seen in Windows and Apple iOS without customer betas.
iOS always does customer betas.
 

simpleIT

New Around Here
I installed the beta 9.0.0.4 on my rt-ac68u and I can not get the openVPN to connect to the android phone apps. openVPN was working perfectly with the prior FW. And yes I downloaded a new client.opvn config file with the included cert from the router to the cell phone app. I noticed that the Beta .opvn file has slightly different settings for...
"
# for OpenVPN 2.4 or older
comp-lzo yes
# for OpenVPN 2.4 or newer
;compress lzo
"

where as the prior file had just ...
comp-lzo adaptive

So I changed the new file to use "adaptive" syntax and it still failed to connect.
I suspect something has changed with openVPN in this beta 9.0.0.4 rel and I can not figure out how to make it work.

Any suggestions?

UPDATE: I now have openVPN working in this beta rel. The problem was my doing. After updating I did a factory reset to ensure everything was fresh start. But I failed to get the DDNS->dns updater->dns host->client.ovpn file fully re-enabled and correlated. Hence the openVPN client was using the wrong IP address because the dns didn't resolve properly. I noticed the error in the log when openvpn attempted a connect. Sorry for the false alarm
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top