Menu
What's new
By:
Filters Better Search

Release ASUS RT-AC68U Firmware version 3.0.0.4.386_51685 (2024/04/15)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ASUS warns of critical remote authentication bypass on seven routers including the End of Life RT-AC68U which will not be updated if they follow their policy.

See: https://www.bleepingcomputer.com/ne...al-remote-authentication-bypass-on-7-routers/

I recommend you consider upgrading to the RT-AX86U Pro or another Asus router with 3.0.0.6 series firmware.

Update: The last firmware already mitigated this CVE-2024-3080. But it was added to the release notes after the original release...
 
Last edited:
Intrepid said:
ASUS warns of critical remote authentication bypass on seven routers including the End of Life RT-AC68U which will not be updated if they follow their policy.

See: https://www.bleepingcomputer.com/ne...al-remote-authentication-bypass-on-7-routers/

I recommend you consider upgrading to the RT-AX86U Pro or another Asus router with 3.0.0.6 series firmware.
Click to expand...
Seems to be already fixed in this very release. Don't know why it wasn't listed in post #1, but it's included now.
ASUS RT-AC68U Firmware version 3.0.0.4.386_51685
Version 3.0.0.4.386_51685
98.85 MB
2024/04/15
- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.
Click to expand...
 
ColinTaylor said:
Seems to be already fixed in this very release. Don't know why it wasn't listed in post #1, but it's included now.
Click to expand...
Sorry, I missed that. It was added to the release notes after the original release...
 
Last edited:
The RT-AC86U is listed as one of the 7 affected routers and yet the CVE-2024-3080 issue was fixed in the 29 March 2024 firmware release. In fact, all 7 hade this issue fixed in March and April, so don't understand why this is being reported on in June.
 
Last edited:
cherio said:
Where can these release notes be found? Nether the downloaded release changelog nor https://www.asuswrt-merlin.net/changelog mention this
Click to expand...
This thread is discussing ASUS RT-AC68U Firmware version 3.0.0.4.386_51685 (2024/04/15) not the Asus-Merlin firmware.
ASUS RT-AC68U Firmware version 3.0.0.4.386_51685
Version 3.0.0.4.386_51685
98.85 MB
2024/04/15
- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.

Please unzip the firmware file, and then verify the checksum.
SHA256: aded7987b384440cffc24755a9e5005d09174bf4d2836ba8e50c3bca8866b755
Click to expand...
PS: And from the Asus Product Security Advisory page:
06/14/2024 XT8, XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, RT-AC68U security update notice for CVE-2024-3079 and CVE-2024-3080

ASUS has released a new firmware update for the XT8, XT8_V2, RT-AX88U, RT-AX58U, RT-AX57, RT-AC86U, RT-AC68U

We advise you to check your equipment and security procedures regularly, as this will make you safer. As a user of an ASUS router, we recommend doing the following steps:

• Update your router with the newest firmware. We encourage you to do this when new firmware becomes available. You can find the newest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at
https://www.asus.com/Networking/. ASUS has provided a link to new firmware for some routers at the end of this notice.
• Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use the same password for more than one device or service.

If you are not able to update the firmware quickly, please make sure that both your login and WiFi passwords are strong. It is recommended (1) disable any services that can be reached from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger. (2) passwords have more than 10 characters with a variety of capitalized letters, numbers, and special characters to increase the security level of your devices. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop."

For further help with router setup and an introduction to network security, please visit

Model name Support Site link
XT8 and XT8_V2 https://www.asus.com/uk/supportonly/asus zenwifi ax (xt8)/helpdesk_bios/
RT-AX88U https://www.asus.com/supportonly/RT-AX88U/helpdesk_bios/
RT-AX58U https://www.asus.com/supportonly/RT-AX58U/helpdesk_bios/
RT-AX57 https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax57/helpdesk_bios
RT-AC86U https://www.asus.com/supportonly/RT-AC86U/helpdesk_bios/
RT-AC68U https://www.asus.com/supportonly/RT-AC68U/helpdesk_bios/
Click to expand...
What is confusing some is the fact that this firmware update which contains the fix(s) for CVE-2024-3079 and CVE-2024-3080 has been out for several months for the seven mentioned routers, but is only now being mentioned by BleepingComputer and Asus.

As for the Asus-Merlin firmware for the seven mentioned routers, see here:
https://www.snbforums.com/threads/i...f-us-using-merlin-firmware.90598/#post-913315
 
Last edited:
wol-shiver said:
I don't see it on the FW details either.
Click to expand...
Look up ONE post from yours where I pasted exactly what Asus posted on their RT-AC68U firmware download page. The referenced CVE (PS: CVE-2024-3080) is specifically mentioned in the first line after the firmware version, size and release date.
 
Last edited:
Any thoughts on why the RT-AC66U B1, which is supposedly the same hardware as the RT-AC68U but in a different form factor, isn't listed as impacted by the security issue?
The most recent firmware for it has the same version number (3.0.0.4.386_51685), but doesn't mention the fixing of those critical CVEs (namely "Fixed CVE-2024-3079 and CVE-2024-3080.").
 
bennor said:
Look up ONE post from yours where I pasted exactly what Asus posted on their RT-AC68U firmware download page. The referenced CVE (PS: CVE-2024-3080) is specifically mentioned in the first line after the firmware version, size and release date.
Click to expand...
If you follow the comment thread of my responses, I was not asking about 3080. Thanks all the same.

Colin above answered me as the 0401 was listed under the copvn line.
 
You must log in or register to reply here.

Similar threads

bbunge
Release ASUS RT-AC66U B1 Firmware version 3.0.0.4.386_51685 2024/04/15
Replies
7
Views
1K
karlr
K
J
ASUS ExpertWiFi EBR63 Firmware version 3.0.0.6.102_44544 - 2024/04/26
Replies
17
Views
2K
Calkulin
C
E
Release ASUS RT-AX86 Series(RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.388_24243 (2024/05/13)
2
Replies
38
Views
7K
slurmsmckenzie
slurmsmckenzie
visortgw
Release ASUS RT-AX88U Firmware version 3.0.0.4.388_24209 (2024/03/29)
2
Replies
24
Views
5K
wol-shiver
W
L
Release ASUS RT-AC86U Firmware version 3.0.0.4.386_51925 (2024/03/29)
Replies
11
Views
3K
galapogos01
G
Similar threads
Thread starter Title Forum Replies Date
V ASUS wireless 4G-AC68U firmware ASUSWRT - Official 1
Intrepid Release ASUS RT-AC68U Firmware version 3.0.0.4.386_51668 (2023/11/30 ) ASUSWRT - Official 70
Intrepid News RT-AC68U End of Life Announced by Asus ASUSWRT - Official 136
B ASUS RT-AC68U questions regarding non-NAT dual-stack ASUSWRT - Official 5
F Release ASUS RT-AX5400 Firmware version 3.0.0.4.388_25058 (2024/08/30) ASUSWRT - Official 0
F Release ASUS RT-AXE7800 Firmware version 3.0.0.4.388_25058 (2024/08/28) ASUSWRT - Official 0
F Release ASUS ZenWiFi XD4 Firmware version 3.0.0.4.388_25041 (2024/09/05) ASUSWRT - Official 2
P ASUS GT-AX6000 Web Interface Slow Response over Local Secure Connection ASUSWRT - Official 1
T ASUS GT-BE98 Pro any new Firmware ASUSWRT - Official 18
jerry6 Any feedback on ASUS GT-AX11000 PRO Firmware version 3.0.0.6.102_34715 ASUSWRT - Official 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 1,359 (members: 26, guests: 1,333)
Top