RT-AX3000 Firmware V 3.0.0.4.386_45898 Breaks WAN Detection

Bob575

Occasional Visitor
Last night my RT-AX3000 Auto-Updated my router to Firmware version 3.0.0.4.386_45898. Now it has a good internet connection, but the firmware does not acknowledge the connection and continuously attempts to reconnect. Also, the system log seems to be "Stuck" reporting the date as May 4. Rolled back to Firmware version 3.0.0.4.386_45674 and now all is well.
Anyone else seen this behavior??
 
Welcome to the forums @Bob575.

What did you try to fix the issue before you flashed an older firmware? Did you even test a reboot, first?
 
Welcome to the forums @Bob575.

What did you try to fix the issue before you flashed an older firmware? Did you even test a reboot, first?
Yup! Rebooted, no joy. Reset Network Detection settings, no joy.
 
I have the same issue with the latest firmware on my XT8 units.
 
The next step to test would be to do a full reset to factory defaults (via the WPS Button method appropriate for your router), after having flashed the firmware you want to use, and without using a saved backup config file (which would negate the full reset).

[Wireless] ASUS router Hard Factory Reset | Official Support | ASUS Global
Hmmm....
Rebuild router from scratch! What a PITA.
Problem SOLVED. Downloaded and installed Asuswrt-Merlin. Easy, Peasy. Router and I are both happy.
 
Problem SOLVED. Downloaded and installed Asuswrt-Merlin. Easy, Peasy. Router and I are both happy.

You're missing many security updates since Merlin's last release.

386.45674

This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018-1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018-1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.


386.45898

3. Fixed Stored XSS vulnerability.
4. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
5. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
6. Fixed information disclosure vulnerability. Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
 
You're missing many security updates since Merlin's last release.
Not that many. For instance, those curl and OpenVPN CVEs were fixed months ago in my firmware. That doesn't mean that the world ended and that everyone that had been running stock firmware these past 6 months were all hacked.

People need to stop debating which is more secure between my firmware or Asus'. We both independently release in parallel, which means for a month or two my firmware will be more secure, then for a month or two theirs will be, then once again mine will be. Whoever was the last to release a firmware will always be "more secure" (tho I am far more proactive in upgrading components, which means some issues for instance in OpenVPN or dnsmasq tend to take longer to be fixed with the stock firmware).

Pick the one that fits best your needs, and just stick with it.
 
Off topic… Would there be any advantage to using an AX86U instead of my AC86U in my current network setup listed in my signature? I tried not using Asuswrt-Merlin and going with just the XT8 units but the shock was just too great, :) hence my current setup.
 
If you can add the RT-AX86U and a few QNAP QSW-1105-5T 5-Port Unmanaged 2.5GbE switches you can have a 2.5GbE LAN and the lowest latency backhaul possible to your ISPs supplied connection. :)

You may even be able to sell one or both of your XT8s too (if you leave the RT-AX86U's radios on and enjoy its low latency/high throughput advantages too over the RT-AC86U).

That is about all the 'advantages' that I can see (and they're substantial if they're needed). But the cost is just as substantial too.

To 'forget' the 2.5GbE 'upgrade' for a minute, you may see lower latency and higher sustained throughput with just an RT-AX68U too (no 2.5GbE ports, but obviously higher performance (newer SDK) than the 5-year-old RT-AC86U is capable of today).

Report - 2x RT-AX68U upgrade over 2x RT-AC86U in wireless backhaul mode

Report - 2x RT-AX68U upgrade - Followup questions/answers
 
Same here. 3.0.0.4.386_45898 broke WAN Detection on my RT-AX58U.

No reset helped. Just flashing any older firmware and everything worked again.

With the 3.0.0.4.386_45898 firmware I get a lot of http://router.asus.com/error_page.htm?flag=3 errors.

Maybe it is something wrong with redirections, because some pages work and some don't.

The following two requests were made on a PC one after the other, the only difference being the firmware change in the router:
  • 3.0.0.4.386_45898:
curl -vvv http://security.ubuntu.com
* Rebuilt URL to: http://security.ubuntu.com/
* Trying 91.189.91.38...
* TCP_NODELAY set
* Connected to security.ubuntu.com (91.189.91.38) port 80 (#0)
> GET / HTTP/1.1
> Host: security.ubuntu.com
> User-Agent: curl/7.55.1
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Moved Temporarily
< Server: wanduck
< Date: Sat, 05 May 2018 05:10:17 GMT
< Connection: close
< Location:http://router.asus.com:80/error_page.htm?flag=3
< Content-Type: text/html
* Closing connection 0

  • 3.0.0.4.386.45674:
curl -vvv http://security.ubuntu.com
* Rebuilt URL to: http://security.ubuntu.com/
* Trying 91.189.91.38...
* TCP_NODELAY set
* Connected to security.ubuntu.com (91.189.91.38) port 80 (#0)
> GET / HTTP/1.1
> Host: security.ubuntu.com
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 11 Oct 2021 12:42:32 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Location: http://www.ubuntu.com/usn/
< Content-Length: 319
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.ubuntu.com/usn/">here</a>.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at security.ubuntu.com Port 80</address>
</body></html>
* Connection #0 to host security.ubuntu.com left intact
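
Added example, not part of the original post: a shell check that tells the two captures above apart by the "Server: wanduck" header and the redirect to router.asus.com/error_page.htm, and reports the flag value and the year from the Date header of an intercepted response. The names classify_response, sample_45898 and sample_45674 are made up for this example; the header lines are copied from the two captures.

```shell
#!/bin/sh
# Added example: classify saved `curl -v` output as answered by the router
# redirector or by the real upstream server. Reads the capture on stdin.
classify_response() {
    awk '
        /^< / {
            line = substr($0, 3)          # drop the "< " curl prefix
            sub(/\r$/, "", line)          # tolerate CRLF captures
            low = tolower(line)
            if (low ~ /^server:[ \t]*wanduck/) hit = 1
            if (low ~ /^location:[ \t]*http:\/\/router\.asus\.com(:[0-9]+)?\/error_page\.htm/) {
                hit = 1
                if (match(low, /flag=[0-9]+/)) flag = substr(low, RSTART + 5, RLENGTH - 5)
            }
            # Date is set by whichever host answered; on an intercepted
            # response that is the router, so it exposes the router clock.
            if (low ~ /^date:/) { split(line, p, " "); year = p[5] }
        }
        END {
            if (hit) printf "intercepted flag=%s router_year=%s\n", flag, year
            else     print  "upstream"
        }
    '
}

# Response headers copied from the two captures in the post above.
sample_45898() {
    cat <<'EOF'
< HTTP/1.0 302 Moved Temporarily
< Server: wanduck
< Date: Sat, 05 May 2018 05:10:17 GMT
< Connection: close
< Location:http://router.asus.com:80/error_page.htm?flag=3
< Content-Type: text/html
EOF
}

sample_45674() {
    cat <<'EOF'
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 11 Oct 2021 12:42:32 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Location: http://www.ubuntu.com/usn/
EOF
}

sample_45898 | classify_response
sample_45674 | classify_response
```

To run it against a live request, pipe the verbose output in with `curl -sv http://security.ubuntu.com 2>&1 | classify_response`.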
 
Works good here no issues with the new firmware on my AX58U. 7 days uptime.
 
I have a RT-AX58U, with 3.0.0.4.386.45898, I don't see the 5GHz network.
Went back to 3.0.0.4.386.45674, and all working fine.

I did not do a "factory defaults".
 
I have an RT-AX3000. I lost WAN when forced to upgrade to the new firmware. After reading through the forums, I decided to do a factory reset and reconfigure by hand.
I found that renaming "Client Name" with the router GUI will mess up the WAN (particularly the NAT functions).
My AX3000 is now running with the new firmware and functioning like before. I just didn't configure the "Client Names". Now I have a lot of IOT devices with the same name like "HS200", "TP-LINK", "amazon-xxxxxxx", "Apple".
It looks like a mess, but it works.
 
