Release ASUS RT-AC86U 3.0.0.4.386.45956 2021/11/25

[OzarkEdge]

RT-AC86U｜WiFi Routers｜ASUS USA

Version 3.0.0.4.386.45956
2021/11/25 62.68 MBytes
ASUS RT-AC86U Firmware version 3.0.0.4.386.45956
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

- Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
- Fixed Stored XSS vulnerability.
- Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
- Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
- Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
- Fixed httpd and Cfg server DoS vulnerability
Thanks to Wei Fan from NSFOCUS GeWuLAB.
- Fixed stack overflow vulnerability
- Fixed DoS vulnerability
Thanks for the contribution of Fans0n, le3d1ng, Mwen, daliy yang from 360 Future Security Labs

Please unzip the firmware file first then check the MD5 code.
MD5:c924f36ddba3fcaab42513f01a989483

OE

 

[bbunge]

Also has DoT. And Auto Upgrade worked! Seems to use a bit less RAM.

 

[OzarkEdge]

Clean install, first impressions are good...

First attempt to upload the remote node remotely failed. Could be the 44470 release(?). I pulled the node close and it uploaded fine.

Node in remote location booted with 2.4 WLAN on wrong channel. Remote reboot bumped it to the set channel.

WiFi seems strong.

OE

 

[LimJK]

First attempt to upload the remote node remotely failed. Could be the 44470 release(?). I pulled the node close and it uploaded fine.

OE

OE,
I have RT-AX88U 3.0.0.4_386_45934 (AiMesh Router) and 2 RT-AC86U (AiMesh Nodes),
I did GUI FW Upgrade successfully for my 2 RT-AC86U AiMesh Nodes from 3.0.0.4.386.44470 to 3.0.0.4.386.45956.

 

[maxbraketorque]

Its finally arrived!

 

[DarkKnight75]

Dirty upgrade from 4440 (solid was running 5 months without an issue)..hope this release is as solid.

 

[OzarkEdge]

Dirty upgrade from 4440 (solid was running 5 months without an issue)..hope this release is as solid.

I'm hoping it's the release I stopped by to pick up in 2018!

OE

 

[Robinbb]

Dirty upgrade - all seems to be OK but I guess it is early days!

 

[Tech9]

DoT is there, but not DNSFilter. Both were present in Asuswrt RC3-1 beta. DDNS still doesn't detect external IP's. Folks in double NAT due to ISP limitations have to rely on other DDNS update methods. I don't know what is so complicated for Asus to implement this option.

 

[VANT]

DNSFilter ? You meen this ?

 

[Tech9]

No, it redirects queries to your DNS servers. Prevents custom DNS on the clients. LAN section option in Asuswrt. It's available in Asuswrt-Merlin for years and was present in Asuswrt RC3-1 beta.

 

[bbunge]

No, it redirects queries to your DNS servers. Prevents custom DNS on the clients. LAN section option in Asuswrt. It's available in Asuswrt-Merlin for years and was present in Asuswrt RC3-1 beta.

Believe there were some trademark reasons the DNS Filter was removed. It will be back sometime.

 

[OzarkEdge]

Clean install, first impressions are good...

First attempt to upload the remote node remotely failed. Could be the 44470 release(?). I pulled the node close and it uploaded fine.

Node in remote location booted with 2.4 WLAN on wrong channel. Remote reboot bumped it to the set channel.

WiFi seems strong.

OE

As luck would have it, the bit of trouble I had installing this firmware is due to a dying 2.4 radio on my AC86U wireless node, not any firmware. See this post for the symptoms observed:

Beta - ASUSWRT 386 RC3-2 public beta

What's the deal with the GT-Ac5300 !!! Since May no new firmware, where other routers already received several updates. Still facing issue with 2nd 5 Ghz band giving high ping peaks >2000ms and problems transmitting data on 2.4 Ghz.

www.snbforums.com

Another one bites the dust!

OE

 

[bitsbytes]

As luck would have it, the bit of trouble I had installing this firmware is due to a dying 2.4 radio on my AC86U wireless node, not any firmware. See this post for the symptoms observed:

Beta - ASUSWRT 386 RC3-2 public beta

What's the deal with the GT-Ac5300 !!! Since May no new firmware, where other routers already received several updates. Still facing issue with 2nd 5 Ghz band giving high ping peaks >2000ms and problems transmitting data on 2.4 Ghz.

www.snbforums.com

Another one bites the dust!

OE

At this point I'm just waiting for one of my ac86u Routers to die. I Can't live like this

Sorry for your loss.

Just did a clean install but when setting up the router again I noticed aiprotect data is still there along with some other info. I updated using the gui, then reset from it as well. Don't know if I should do another reset or keep using it as it is.

 

[OzarkEdge]

At this point I'm just waiting for one of my ac86u Routers to die. I Can't live like this

Sorry for your loss.

Just did a clean install but when setting up the router again I noticed aiprotect data is still there along with some other info. I updated using the gui, then reset from it as well. Don't know if I should do another reset or keep using it as it is.

I know how you feel! The reason I was thrashing around trying the closed RC3-1 beta firmware was that feeling that something was not right.

The GUI reset 'Restore with Initialize' should clear the logged data. The reset to firmware defaults is the important part, so retaining the previous logged data may not matter... I just don't know what I don't know. A dirty install (no reset) is suppose to be ok in general, so I would leave it as is until... later.

OE

 

[jsbeddow]

Yes, if I remember correctly, the accumulated stats from TrendMicro are stored in the jffs partition, so it will require the "full reset and initialize" to format and clear that partition (and thus the stats) when using stock Asus firmware. Or, if using the Rmerlin firmware, the separate function to explicitly format the jffs partion on the next reboot.

 

[Tech9]

trademark reasons

Yes, the name. Makes sense.

 

[bitsbytes]

RAM usage in this firmware is noticeably lower than previous ones. CPU temps however are at an all time high. if it's reaching the temps I'm seeing with two cooling fans on I cant imagine what temps other users are getting.

 

[VANT]

try pwr -show in cmd and put the result here

 

[bitsbytes]

try pwr -show in cmd and put the result here

never mind. turns out the fans stopped working complexly I'm using this link to see the temp

http://router.asus.com/ajax_coretmp.asp

without the fans I'm seeing a temp exceeding 80c, before that my temps never got over 60c