Release RT-AX88U Firmware version 3.0.0.4.386.45375 2021/08/31

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Zastoff

Very Senior Member
ASUS RT-AX88U Firmware version 3.0.0.4.386.45375
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
 

torstein

Regular Contributor
Oh great! I love security updates. Gives me a warm fuzzy feeling. No idea why hehe. Looking forward to merlin merging the GPLs.

I assume this is also available for the AX86U?
 

sanke1

Senior Member
Installed and now a "fancy but highly annoying" page pops up if you don't use http to access router's GUI via LAN. Kinda lame.
 

LimJK

Very Senior Member
Installed and now a "fancy but highly annoying" page pops up if you don't use http to access router's GUI via LAN. Kinda lame.
:) sanke1, Initially, I felt the sameway, but, I found that you can select not to show it again option :)

Edit:
65243749255__6993AEEE-4D93-4D30-8630-55ABD829EB9F.jpg
 
Last edited:

Gregory Phillips

Senior Member
I just installed it and will report back if anything weird happens.
 

LimJK

Very Senior Member
I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Code:
Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.
 

LimJK

Very Senior Member
I also found that Merlin's DoT (DNS-over-TLS) is available :) on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.
 

bbunge

Part of the Furniture
I also found that Merlin's DoT (DNS-over-TLS) is available :) on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.
DoT is also on the AX86U release. And yes, it is Merlin's code for DoT! Have been running it since it was released with no problems.

A quick google for router with DoT came up empty. So, Asus may be the first to implement DoT. This is a good thing!!!
 

bluepoint

Very Senior Member
I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Code:
Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.
If I remember correctly, when I see this in RMerlin's firmware, something triggers it but I had not figured it out as it doesn't happen often, I go to Wan-->ddns and just click "apply", this clears that restarts. It seems letsencrypt doesn't remember that it's active and couldn't restart itself.
 

neil0311

Senior Member
I also found that Merlin's DoT (DNS-over-TLS) is available :) on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.

Can I ask what may be a stupid question? Why do you need (why would you want) to encrypt DNS traffic? It’s all public data.

Is there a known exploit or other reason why you’d want that overhead?
 

RMerlin

Asuswrt-Merlin dev
Can I ask what may be a stupid question? Why do you need (why would you want) to encrypt DNS traffic? It’s all public data.

Is there a known exploit or other reason why you’d want that overhead?
Some people don`t want their ISP to see which hostnames they are trying to resolve. Others want to ensure that nobody is intercepting their DNS queries and replacing them, a technique occasionally used by malware or ISPs who want to redirect traffic to different servers.
 

Gregory Phillips

Senior Member
Actually today my phone couldn't connect to 5g so I rebooted the router and it was okay but I didn't think about it further. When I checked the router all of the lights were white. Once it came back up it reconnected just fine. I will probably roll back now.

Edit: Rolled back and my connection speed increased on my phone (galaxy z fold 3).
 
Last edited:

LimJK

Very Senior Member
I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Code:
Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.
I have sent feedback with ALL logs to Asus Support 4 days ago ... have not got any reply or acknowledgement yet. May be they should look at Merlin's code which do not have this problem.
 

Evklim

New Around Here
I've been experiencing drops in my 5ghz wireless since flashing this, anyone else?
Hi! A newbie here. Yeah, something strange happened after flashing the new fw. 5Ghz network stopped broadcasting, turning off/on was fixing the issue but only until restart. After restart no 5Ghz again. Tried to localize the problem, but didn’t manage w. Had to go back to the previous fw to solve the issue.
 

LimJK

Very Senior Member
I have sent feedback with ALL logs to Asus Support 4 days ago ... have not got any reply or acknowledgement yet. May be they should look at Merlin's code which do not have this problem.
Code:
Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.

Found my own workaround for the above snap shot of every 5 minutes Let's Encrypt Error in Syslog.
  • I downgraded FW to RT-AX88U_3.0.0.4_386_44266-g7f6b0df
  • Factory Reset Via GUI, setup configuration from scratch
  • No more Let's Encrypt Error in Syslog
  • Upgrade over GUI (ie. Dirty Flash) to FW RT-AX88U_3.0.0.4_386_45375
  • QED ... No more Let's Encrypt Error in Syslog
 

JB10

New Around Here
This update ruined almost all of my smart home light switches and plugs. They are all on the 2.4 GHz network and all of a sudden they were not getting a stable connection. They would connect and disconnect right away, it was a nightmare trying to troubleshoot this. I eventually found this forum and reverted my router to the previous firmware and just like magic it is now all fixed.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top