win465
Regular Contributor
ASUS RT-AC87U Firmware version 3.0.0.4.382.50010
Security fixed
-Fixed KRACK vulnerability
-Fixed CVE-2017-14491: DNS - 2 byte heap based overflow
-Fixed CVE-2017-14492: DHCP - heap based overflow
-Fixed CVE-2017-14493: DHCP - stack based overflow
-Fixed CVE-2017-14494: DHCP - info leak
-Fixed CVE-2017-14495: DNS - OOM DoS
-Fixed CVE-2017-14496: DNS - DoS Integer underflow
-Fixed CVE-2017-13704 : Bug collision
-Fixed predictable session tokens(CVE-2017-15654), logged user IP validation(CVE-2017-15653), Logged-in information disclosure (special thanks for Blazej Adamczyk contribution)
-Fixed web GUI authorization vulnerabilities.
-Fixed AiCloud XSS vulnerabilities
-Fixed XSS vulnerability. Thanks for Joaquim's contribution.
-Fixed LAN RCE vulnerability. An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
-Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet's FortiGuard Labs
-Fixed Smart Sync Stored XSS vulnerabilities. Thanks fo Guy Arazi's contribution.
-Fixed CVE-2018-5721 Stack-based buffer overflow.
New features
-HDD Hibernation
-URL filter black/white list
-Bandwidth limiter on guest network
-URL filter support https website
Bug fixed
-Fixed CTF related issues
-Fixed AiCloud smart sync issue.
-Fixed client icon modification issue when client name includes special characters.
-Fixed AiCloud smart sync problem.
http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC87U/FW_RT_AC87U_300438250010.ZIP
Source: https://www.asus.com/us/Networking/RTAC87U/HelpDesk_Download/
Security fixed
-Fixed KRACK vulnerability
-Fixed CVE-2017-14491: DNS - 2 byte heap based overflow
-Fixed CVE-2017-14492: DHCP - heap based overflow
-Fixed CVE-2017-14493: DHCP - stack based overflow
-Fixed CVE-2017-14494: DHCP - info leak
-Fixed CVE-2017-14495: DNS - OOM DoS
-Fixed CVE-2017-14496: DNS - DoS Integer underflow
-Fixed CVE-2017-13704 : Bug collision
-Fixed predictable session tokens(CVE-2017-15654), logged user IP validation(CVE-2017-15653), Logged-in information disclosure (special thanks for Blazej Adamczyk contribution)
-Fixed web GUI authorization vulnerabilities.
-Fixed AiCloud XSS vulnerabilities
-Fixed XSS vulnerability. Thanks for Joaquim's contribution.
-Fixed LAN RCE vulnerability. An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
-Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet's FortiGuard Labs
-Fixed Smart Sync Stored XSS vulnerabilities. Thanks fo Guy Arazi's contribution.
-Fixed CVE-2018-5721 Stack-based buffer overflow.
New features
-HDD Hibernation
-URL filter black/white list
-Bandwidth limiter on guest network
-URL filter support https website
Bug fixed
-Fixed CTF related issues
-Fixed AiCloud smart sync issue.
-Fixed client icon modification issue when client name includes special characters.
-Fixed AiCloud smart sync problem.
http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC87U/FW_RT_AC87U_300438250010.ZIP
Source: https://www.asus.com/us/Networking/RTAC87U/HelpDesk_Download/