Release ASUS RT-AC68U Firmware version 3.0.0.4.386_51685 (2024/04/15)

[Intrepid]

ASUS RT-AC68U Firmware version 3.0.0.4.386_51685
Version 3.0.0.4.386_51685 | 98.85 MB | 2024/04/15
Note: This Router is End of Life - this firmware is a bonus apparently.
Download: https://www.asus.com/networking-iot...ers/rtac68u/helpdesk_bios/?model2Name=RTAC68U

- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.

 

[bennor]

Strange that one URL has updated firmware, but another one doesn't (neither does the US site as of this post).
This URL doesn't have the referenced newer version (as of this post).
https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rtac68u/helpdesk_bios?model2Name=RTAC68U
While the one the OP provided does.
https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rtac68u/helpdesk_bios/?model2Name=RTAC68U

Note the missing "/" in helpdesk_bios?model2Name in the first URL.

 

[L&LD]

Yes, Asus does rolling updates to its various websites. This is normal.

 

[bennor]

Yes, Asus does rolling updates to its various websites. This is normal.

Oh I get that, was just more commenting on how almost identical URL's (minus one single character) had different firmware.

 

[Tech9]

Note: This Router is End of Life - this firmware is a bonus apparently.

They discovered something off around AiMesh. All new firmwares are coming with "due to a security upgrade in AiMesh..." message.

 

[Intrepid]

They discovered something off around AiMesh. All new firmwares are coming with "due to a security upgrade in AiMesh..." message.

Yeah, but there are other changes too. Anyway, anything after end of life is a bonus - it's irrelevant what they discover after EOL.

 

[wouterv]

Broke the magic...

Both my RT-AC68U Router and the RT-AC1900U Media Bridge did not yet found the new firmware them selves.
Performed a dirty upgrade for both units, so far so good.

 

[Wayne]

Can't Wait to install this!

 

[andyross]

I wonder if it was being tested or similar before the EOL was announced, so they went ahead and released it.

 

[banger]

Trying this version, wonder how long the uptime will be.

 

[NoLight]

Hopefully there will be a Merlin 386.14 with these fixes included! Seems all AiMesh routers are getting this security update.

 

[Eric Goldsmith]

Hey folks,

Trying to upgrade to this FW from v 3.0.0.4.386_51665. Router goes through the motions, but upgrade doesn't happen - stays on _51665.

Looking at the logs for relevant bits, and found this:

Apr 18 19:29:07 AUTO_UPGRADE: To download fw/rsa, Start
Apr 18 19:29:07 AUTO_UPGRADE: cfg_trigger=1
Apr 18 19:29:07 AUTO_UPGRADE: ! IS_BCMHND
Apr 18 19:29:07 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_un.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_rsa2.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: mv trx OK
Apr 18 19:29:27 AUTO_UPGRADE: fw check error, CRC: 1 rsa: 0
Apr 18 19:29:27 AUTO_UPGRADE: To download fw/rsa, End

Not sure why it's downloading two firmware files. But, am I reading it right that the "fw check error" (second line from bottom) indicates a failed CRC checksum? Any ideas why?

Thanks,
Eric

 

[OzarkEdge]

Try a fresh copy of the correct firmware file... confirm the download file checksum before using the file. Dismount/disconnect any USB storage that might consume memory. Reboot router first to clear any conditions and memory.

OE

 

[Intrepid]

Hey folks,

Trying to upgrade to this FW from v 3.0.0.4.386_51665. Router goes through the motions, but upgrade doesn't happen - stays on _51665.

Looking at the logs for relevant bits, and found this:

Apr 18 19:29:07 AUTO_UPGRADE: To download fw/rsa, Start
Apr 18 19:29:07 AUTO_UPGRADE: cfg_trigger=1
Apr 18 19:29:07 AUTO_UPGRADE: ! IS_BCMHND
Apr 18 19:29:07 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_un.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_rsa2.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: mv trx OK
Apr 18 19:29:27 AUTO_UPGRADE: fw check error, CRC: 1 rsa: 0
Apr 18 19:29:27 AUTO_UPGRADE: To download fw/rsa, End

Not sure why it's downloading two firmware files. But, am I reading it right that the "fw check error" (second line from bottom) indicates a failed CRC checksum? Any ideas why?

Thanks,
Eric

Just manually download the firmware and manually flash the firmware (Method 2):
https://www.asus.com/support/faq/1008000/#a2

Note: Backup Router Settings First under Administration
Note: If you still have troubles, make notes on your all your settings and then factory reset your router.
https://www.asus.com/support/faq/1000925/

 

[binary_lifestyle]

Hey folks,

Trying to upgrade to this FW from v 3.0.0.4.386_51665. Router goes through the motions, but upgrade doesn't happen - stays on _51665.

Looking at the logs for relevant bits, and found this:

Apr 18 19:29:07 AUTO_UPGRADE: To download fw/rsa, Start
Apr 18 19:29:07 AUTO_UPGRADE: cfg_trigger=1
Apr 18 19:29:07 AUTO_UPGRADE: ! IS_BCMHND
Apr 18 19:29:07 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_un.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: wget fw Real RT-AC68U_3004_386_51685-gd1be76f_rsa2.zip
Apr 18 19:29:22 AUTO_UPGRADE: exit code: 0
Apr 18 19:29:22 AUTO_UPGRADE: mv trx OK
Apr 18 19:29:27 AUTO_UPGRADE: fw check error, CRC: 1 rsa: 0
Apr 18 19:29:27 AUTO_UPGRADE: To download fw/rsa, End

Not sure why it's downloading two firmware files. But, am I reading it right that the "fw check error" (second line from bottom) indicates a failed CRC checksum? Any ideas why?

Thanks,
Eric

I am experiencing the exact same thing with auto upgrade, didn't try to install manually or even via a button though - hope it will resolve by itself. Based on the uptime it reboots but still stays on the same firmware. Logs contain same fragments you posted multiple times - looks like there are retries - and then it stops.

Seems like /jffs/webs_upgrade.log also worth checking (be careful with posting it since it has ISP and location for some reason).

 

[andyross]

Other than auto update not working, does this update seem to be OK?

 

[tl3000]

Other than auto update not working, does this update seem to be OK?

I received notification of update being available and upgraded without any issue yesterday. My RT-AC66B is still showing up-to-date at previous version so the rolling update hasn't reach it yet. FYI.

 

[Intrepid]

Other than auto update not working, does this update seem to be OK?

Yes. I've tested it in a small business and in a home environment (both without AiMesh).

 

[Tech9]

I've tested it

Could you please check if this bug is fixed?

Release - ASUS RT-AC68U Firmware version 3.0.0.4.386_51668 (2023/11/30 )

I'm checking something on this firmware and found Firewall, Network Services doesn't save changes. This was a bug in 388 firmware for NHD models for quite some time, but fixed now. This thing here: No one noticed it's not working? The router is RT-AC1900P, runs the same firmware.

www.snbforums.com

 

[Intrepid]

Could you please check if this bug is fixed?

Release - ASUS RT-AC68U Firmware version 3.0.0.4.386_51668 (2023/11/30 )

I'm checking something on this firmware and found Firewall, Network Services doesn't save changes. This was a bug in 388 firmware for NHD models for quite some time, but fixed now. This thing here: No one noticed it's not working? The router is RT-AC1900P, runs the same firmware.

www.snbforums.com

Works fine for me:

NOTES: The SANS Institute and Microsoft recommend at least blocking outbound traffic using the following ports:

NetBIOS/IP TCP, UDP Port 137-139
SMB/IP TCP Port 445
MS RPC TCP, UDP Port 135
Trivial File Transfer Protocol (TFTP) UDP Port 69
System log UDP Port 514
Simple Network Management Protocol (SNMP) UDP Port 161-162
Internet Relay Chat (IRC) TCP Port 6660-6669

Test here:
http://portquiz.net/

Sources:
https://www.pcidssguide.com/firewall-rule-configuration-best-practices/
https://support.microsoft.com/en-us...-network-c0541db7-2244-0dce-18fd-14a3ddeb282a