What's new

Release ASUS RT-AX56U Firmware version 3.0.0.4.386.51665 (2023/05/18)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Piotrek

Senior Member
Version 3.0.0.4.386.51665 - 74.75 MB - 2023/05/18 - SHA256: e449985f2b02dc0217b723fa68425da21d033f2b3a6b9f929ca0f920ccdfe30a

Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.
-Fixed the vulnerability in the logmessage function. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m.

Download: https://dlcdnets.asus.com/pub/ASUS/wireless/RT-AX56U/FW_RT_AX56U_300438651665.zip?model=RT-AX56U
 
This seems to solve the problem. I installed this version on several RT-AX56U with this problem and they works.
I see. No need to ssh and remove the corrupted asd files or fully factory reset the router eh? Just flashing this works? Nice info! . Yeah i might need to flash this then on my brother's AX56U since his internet light goes to red every 10 minutes. Seems to be the same thing since it happens at the same time as everybody else.
 
A simple procedure was enough for me:
  1. Reboot
  2. Update firmware
  3. Reboot
Done. Works fine.
 
Good to see we're still receiving updates, unfortunately even with this newest version I still have issues with Wi-Fi speed - transmitting from any Wi-Fi device to the router is unstable and capped at around 250-350 Mbps (even on local network when using SMB, iperf3 etc...) and the last fw versions where I get always full speeds (>750 Mbps no matter what) are 3.0.0.4.386_45934 or Merlin 386.5_2 - anything newer is just slow for some reason, I think they messed something with the wireless driver (17.10 RC157.2802 is the last one working OK). I guess this will never be resolved since even multiple BETA fws provided to me by support had the same issue and then they just stopped responding...
 
Last edited:
I've just tried to copy a file via SMB from the HDD attached to the router and immediately got 400 Mbps through a thick concrete wall (on the Intel AX211 card).
 
I've just tried to copy a file via SMB from the HDD attached to the router and immediately got 400 Mbps through a thick concrete wall (on the Intel AX211 card).
Yep, it works fine when the router is sending data to devices, but anytime you are wirelessly sending data to the router it will be slow. So for example copying data from one PC->ethernet->router->Wi-Fi->another PC will be OK, but the other way (PC<-ethernet<-router<-Wi-Fi<-PC) will be always slow, switching to older firmware instantly fixes it.
 
Interesting, never tried that. Unfortunately, I physically cannot connect a PC to the router using Ethernet, but I've just tried PC to PC transfers over Wi-Fi, and they are indeed slow even with both clients using AX211.
 
Does anyone know if AsusWRT-MERLIN 388.2_2 (dd 7 May 2023) is affected by the security issues fixed in 3.0.0.4.386.51665 (dd 18 May 2023)?

Is it better to revert and flash the original Asus Firmware >or< can one keep going on the last-available Merlin Firmware?

*WAN Access is disabled - but running Wireguard and OpenVPN*

"Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.

-Fixed the vulnerability in the logmessage function. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m."
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top