What's new

Beta RT-AC68U 9.0.0.4.386.41994 Beta Version

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

bbunge

Part of the Furniture
ASUS RT-AC68U Firmware version 9.0.0.4.386.41994 (Beta Version)
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

 
FYI: The MD5 hash code does not match what is shown on the website and the extracted firmware file.

https://www.snbforums.com/threads/a...imesh-2-0-continued.69274/page-14#post-658258

Also, I linked each of CVE Security Vulnerabilities so you can read their description.

https://www.snbforums.com/threads/a...imesh-2-0-continued.69274/page-13#post-658105

I wanted to test if those @ASUSWRT_2020 files were matching with file on asus download page even tho i dont have that router model and it did but the hash on asus web page is not matching. Weird stuff and should be fixed as its important to have those hases cleaned up...
 
Regarding the hash code not matching is very concerning since this beta is to address security vulnerabilities.

Did ASUS upload the wrong file or the wrong hash code or both?
 
Regarding the hash code not matching is very concerning since this beta is to address security vulnerabilities.

Did ASUS upload the wrong file or the wrong hash code or both?

My bet goes on wrong hash code on website because the hash of google drive files is exact same as the ones that are uploaded on asus download website its just wrong description. But thats my speculation.
 
Just ran this beta over 386.41634 with no apparent ill effects. This was on a "test" router with a fresh clean install of 386.41634 and minimally configured.

As for other fixes we only know what Asus told us on their web site about the security fixes. I plan to run this beta on other remote routers tonight. I do not expect problems.
 
Does anyone know if the only changes to this beta are the emergency fixes for the DNSmasq security vulnerabilities?

There are under-the-hood changes beyond just the DNSmasq security fixes. Some have reported better stability/performance, some have reported additional issues cropping up, not unusual for a beta.

For me personally, I've run into stability issues with the web UI on the GT-AC5300 as the main AP/router, w/AiMesh nodes (I use 68U's as mesh nodes). The AiMesh nodes seem to be the root of the issue...when they're gone (either removed or powered off), I don't have stability issues at all. I did a factory reset when I installed 386_41994, wiped/initialized all settings and logs, reconfigured from scratch. Definitely have noticed some stability problems and reported through the admin web feedback page to ASUS. Others haven't had any issues. It's a roll of the dice with a beta.
 
Last edited:
Thanks for the replies. I am surprised that ASUS did not release a new production release to fix the DNSmasq security vulnerabilities based on the most recent AC68U 3.0.0.4.386.41634 release.

I understand adding the security fixes to the current betas which appear to have other code modifications for testing new enhancements.

However, since these DNSmasq security vulnerabilities are marked high per my research, then ASUS should proceed with a production release ASAP based off the 3.0.0.4.386.41634 code.
 
Chances are they cranked out some newer builds before the DNSmasq security vulnerabilities got onto their radar, so they made other changes and then patched up DNSmasq. Just speculating but that's my best guess. I have some other systems that were patched for DNSmasq vulnerabilities via standard security fixes.
 
ASUS has released the AC68U Beta Version on their product support website for my model and the same beta firmware is used in the other thread for testing betas.

My point was I expected ASUS to release a production version to patch these high security vulnerabilities. Not release a public beta which includes other modifications that is still being tested to resolve the security fixes. :)
 
I don't see how else they can, 1. protect their customers in a timely manner and 2. without fully testing a solution first, do otherwise.
 
Chances are they cranked out some newer builds before the DNSmasq security vulnerabilities got onto their radar, so they made other changes and then patched up DNSmasq. Just speculating but that's my best guess. I have some other systems that were patched for DNSmasq vulnerabilities via standard security fixes.
Do you remember what model numbers received the production DNSmasq security fixes?

Does ASUS rollout the changes starting with top-of-line routers and work their way down or does it appear random what models will rollout next?
 
I don't see how else they can, 1. protect their customers in a timely manner and 2. without fully testing a solution first, do otherwise.
I am accustom to high and critical patches are tested internally by a company and then production release as I have seen in Windows and Apple iOS without customer betas.
 
You mean without more public-facing betas. :)

They're still done.

And Asus giving you the choice to possibly be more secure isn't a bad thing either.
 
I am accustom to high and critical patches are tested internally by a company and then production release as I have seen in Windows and Apple iOS without customer betas.
iOS always does customer betas.
 
I installed the beta 9.0.0.4 on my rt-ac68u and I can not get the openVPN to connect to the android phone apps. openVPN was working perfectly with the prior FW. And yes I downloaded a new client.opvn config file with the included cert from the router to the cell phone app. I noticed that the Beta .opvn file has slightly different settings for...
"
# for OpenVPN 2.4 or older
comp-lzo yes
# for OpenVPN 2.4 or newer
;compress lzo
"

where as the prior file had just ...
comp-lzo adaptive

So I changed the new file to use "adaptive" syntax and it still failed to connect.
I suspect something has changed with openVPN in this beta 9.0.0.4 rel and I can not figure out how to make it work.

Any suggestions?

UPDATE: I now have openVPN working in this beta rel. The problem was my doing. After updating I did a factory reset to ensure everything was fresh start. But I failed to get the DDNS->dns updater->dns host->client.ovpn file fully re-enabled and correlated. Hence the openVPN client was using the wrong IP address because the dns didn't resolve properly. I noticed the error in the log when openvpn attempted a connect. Sorry for the false alarm
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top