Release ASUS RT-AC86U 3.0.0.4.386.45956 2021/11/25

[bitsbytes]

it seems like the Reboot Scheduler is not working properly. I've set mine to reboot once a week every Sunday at 6 AM and I noticed the router rebooting this morning at 6 AM exactly. I checked my settings and only Sunday was checked.

 

[L&LD]

Your router is not in a good/known state. When a simple option like this isn't working, it indicates a need for a full reset (to me).

 

[Tech9]

Reboot Scheduler is not working properly

You don't need to reboot your router on a schedule. If you do, something is not working properly. I would also reset and start over.

 

[bitsbytes]

Your router is not in a good/known state. When a simple option like this isn't working, it indicates a need for a full reset (to me).

I am on a full reset two of them in fact.

 

[bitsbytes]

You don't need to reboot your router on a schedule. If you do, something is not working properly. I would also reset and start over.

i know, it's a bad habit I cannot stop doing.

 

[Tech9]

If after clean setup it still doesn't work, you perhaps have found a firmware bug. I never tested this feature due to waiting involved. My test AC86U runs excellent on this 45956 firmware. The router is up for about 2 days only though because I was testing Asuswrt-Merlin beta2 on it. Merry Christmas!

 

[VANT]

it seems like the Reboot Scheduler is not working properly. I've set mine to reboot once a week every Sunday at 6 AM and I noticed the router rebooting this morning at 6 AM exactly. I checked my settings and only Sunday was checked.

check your time settings in router (gmt timezone, etc. and time in system log tab.)

 

[kamabazi]

RT-AC86U｜WiFi Routers｜ASUS USA

Version 3.0.0.4.386.45956
2021/11/25 62.68 MBytes
ASUS RT-AC86U Firmware version 3.0.0.4.386.45956
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

- Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
- Fixed Stored XSS vulnerability.
- Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
- Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
- Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
- Fixed httpd and Cfg server DoS vulnerability
Thanks to Wei Fan from NSFOCUS GeWuLAB.
- Fixed stack overflow vulnerability
- Fixed DoS vulnerability
Thanks for the contribution of Fans0n, le3d1ng, Mwen, daliy yang from 360 Future Security Labs

Please unzip the firmware file first then check the MD5 code.
MD5:c924f36ddba3fcaab42513f01a989483

OE

MD5 code should be
MD5:a4dfc8320250d21469c5ab1d8a5cac80

 

[dave14305]

MD5 code should be
MD5:a4dfc8320250d21469c5ab1d8a5cac80

Not after you unzip the file.

 

[kamabazi]

Not after you unzip the file.

My bad, I have the GT-2900 so was comparing to that fw for it.
Both FW have the same exact FW numbers but different file sizes and MD5 codes.

 

[OzarkEdge]

MD5 code should be
MD5:a4dfc8320250d21469c5ab1d8a5cac80

The subject Asus firmware file MD5 checksum value (code) is correct as posted by Asus. You may need to review your math.

OE

 

[kamabazi]

The subject Asus firmware file MD5 checksum value (code) is correct as posted by Asus. You may need to review your math.

OE

I mixed up FW of gt2900 with AC86u. They are different and hence different MD5 code

 

[Nev05]

Ever since I upgraded to this new firmware, webpages don't load on the first try on 2.4ghz only. I did a "dirty" firmware upgrade and my router settings are similar to the ones in OzarkEdge sig. I am not using mesh, just the AC86u connected to my modem. Any help would be appreciated?

 

[OzarkEdge]

Ever since I upgraded to this new firmware, webpages don't load on the first try on 2.4ghz only. I did a "dirty" firmware upgrade and my router settings are similar to the ones in OzarkEdge sig. I am not using mesh, just the AC86u connected to my modem. Any help would be appreciated?

Before one of my AC86Us died, web pages would not load on the first try. Took a few weeks for the router to completely die.

I would reset and re-commission the router and hope for the best.

OE

 

[Nev05]

Before one of my AC86Us died, web pages would not load on the first try. Took a few weeks for the router to completely die.

I would reset and re-commission the router and hope for the best.

OE

I didn't want to go through the whole reset process but I guess thats my only option now. I will report back, thank you !

 

[keefrto]

RT-AC86U｜WiFi Routers｜ASUS USA

Version 3.0.0.4.386.45956
2021/11/25 62.68 MBytes
ASUS RT-AC86U Firmware version 3.0.0.4.386.45956
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

- Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
- Fixed Stored XSS vulnerability.
- Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
- Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
- Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
- Fixed httpd and Cfg server DoS vulnerability
Thanks to Wei Fan from NSFOCUS GeWuLAB.
- Fixed stack overflow vulnerability
- Fixed DoS vulnerability
Thanks for the contribution of Fans0n, le3d1ng, Mwen, daliy yang from 360 Future Security Labs

Please unzip the firmware file first then check the MD5 code.
MD5:c924f36ddba3fcaab42513f01a989483

OE

Much obliged for this, all three 86U dirty upgrades and so far so good.

 

[keefrto]

RT-AC86U currently running Asuswrt-Merlin alpha4, but flashed on top of Asuswrt 45956 without reset.
DoT to Google example, working in both firmware versions. Also tested with DoT to Cloudflare and CleanBrowsing.

View attachment 37735

DoT to known AdGuard servers fails on both Asuswrt and Asuswrt-Merlin. Must be AdGuard issue.

Hi and apologies in advance for my ignorance but what does this all mean? I dont have mine like this pre upgrade to latest firmware, do i need to do the DoT stuff, DNS privacy protocol? i have my DNS server set to cloudfare, cheers

 

[Tech9]

I dont have mine like this pre upgrade to latest firmware

You don't need to. I just didn't reset to default when changing the firmware.

do i need to do the DoT stuff, DNS privacy protocol?

Only if you want to. It's optional and available to DNS servers with DoT support.

 

[keefrto]

You don't need to. I just didn't reset to default when changing the firmware.



Only if you want to. It's optional and available to DNS servers with DoT support.

cheers, i don't even know what DoT support is anyways, lol.

 

[Tech9]

DoT - DNS-over-TLS