Release ASUS RT-AX86 Series (RT-AX86U/RT-AX86S) Firmware version 3.0.0.4.388_24338 (2025/03/25)

[fruitcornbread]

Version 3.0.0.4.388_24338
71.55 MB
2025/03/25

1. Fixed the UI issue in Chrome.
2. Fixed client binding issues in Mesh scenarios.
3. Enhanced input parameter handling techniques to improve data processing stability and system security.
4. Enhance system access control mechanisms.

ZIP SHA-256 : 9EEA3104BBBF294208E0EE7F11BB3732F5683A575F1C6155767794D9D1EF3292
FW SHA-256 : 52d9877462bfff4b8680fba6e1244bbb9775c5023b831cbf40bfd2f4c25b6a0e

Download: https://dlcdnets.asus.com/pub/ASUS/...T_AX86U_AX86S_300438824338.zip?model=RT-AX86U

 

[Jbennett360]

Finally here!

 

[Micgang]

Just updated my ax86u to this version. Hope it’s stable. The most recent version for my 92u created a lot of problems….

 

[sracer_m5]

All good so far except after updating, 4 smartplugs would no longer connect with WPA2/WPA3-Personal. They only connect with WPA2-Personal now. To my surprise this persisted even after reverting to the previous firmware 3004388_24323 and power cycling (with it off for ~4min). I didn't think a factory reset before reverting should be necessary so that I didn't try. Seems like Asus must have updated WPA2/WPA3-Personal authentication, affecting handshake negotiation? ...which somehow persisted after reverting?

I'm curious if anyone else had this type of issue, and if someone knows why it persisted the way I reverted the firmware.

p.s. Also a new TV no longer connects with WPA3-Personal or WPA2/WPA3-Personal like it did before the update. Have to use WPA2-Personal. This I'm not so happy about.

 

[visortgw]

All good so far except after updating, 4 smartplugs would no longer connect with WPA2/WPA3-Personal. They only connect with WPA2-Personal now. To my surprise this persisted even after reverting to the previous firmware 3004388_24323 and power cycling (with it off for ~4min). I didn't think a factory reset before reverting should be necessary so that I didn't try. Seems like Asus must have updated WPA2/WPA3-Personal authentication, affecting handshake negotiation? ...which somehow persisted after reverting?

I'm curious if anyone else had this type of issue, and if someone knows why it persisted the way I reverted the firmware.

p.s. Also a new TV no longer connects with WPA3-Personal or WPA2/WPA3-Personal like it did before the update. Have to use WPA2-Personal. This I'm not so happy about.

Have you tried "forgetting" and re-pairing problem devices?

 

[iFrogMac]

I'll get around to updating mine at some point. I only have it around for a backup now, so it's not actively in use. My setup has become stable for the past several months, so I've just left it alone, and haven't had to troubleshoot any random behavior.

 

[NSNE]

My AX86U AiMesh node has been janky ever since updating to the long-overdue AX89X firmware. But it looks like some of the issues I mentioned in that AX89X thread (e.g., node flakiness, poor mesh client distribution, binds not being respected) were resolved with this AX86U update.

 

[sracer_m5]

Have you tried "forgetting" and re-pairing problem devices?

Yes. That's not far down the list of troubleshooting steps I try, but unfortunately it didn't solve this problem. Factory reset the devices many times (tried changing from one quest network to another with the same settings to no avail). Root problem appears to be an issue with my router after this firmware update where newer plugs and a very new TV do not connect with WPA2/WPA3-Personal or, in the case of the TV before this update -> connecting to a guest network set to WPA3-Personal. That leads me to believe the root issue is a change after updating - affecting WPA2/WPA3-Personal and WPA3-Personal negotiation.

p.s. *no need to reply to this short complaint, and wishful thinking below, 2-3hrs sleep for many days can barely make coffee*
Certainly having 2-3 different brands of devices native to different platforms introduces maintenance issues with linking to the platform I use the most. I look forward to hopefully sooner than later, replacing many of my inexpensive devices (mainly smartplugs) with better brands that support matter and thread support operating more locally (vs. everything through the cloud) on hopefully an isolated guest network (assuming I'm understand the gist of how that should work).

 

[Tech9]

affecting WPA2/WPA3-Personal

This setting doesn’t make much sense anyway. Your network is as secure as WPA2-Personal with extra complication on top. Your smart plugs are perhaps Wi-Fi 4 and don’t support WPA3.

 

[djjsin]

This firmware gave me quiet a bit of problems on an Aimesh node i having running off an RT-AX88u pro. Many devices never would roam to it, and if i tried binding it there i'd just get an incorrect password when the wifi would try to connect. Both on 2.4 and 5.0ghz tried removing the node and re adding, didn't fix it. Tried downgrading the node. Didn't fix it. The only way i could get the node back to working order was to downgrade to previous firmware, remove the node, and readd it. now all my devices have no issue roaming again to it or being bound to it.

 

[iFrogMac]

I'm considering bringing my RT-AX86U's firmware up to date today, so it's on the latest firmware as my backup. Since I don't need to change it out to be the main router, would configuring it as an AIMesh node be a suitable way to update it? I was looking at some of the issues people were reporting before posting, and was wondering based on that feedback if it's even worth installing the firmware, or just leaving it as is. It has the second latest firmware (the one from last year) that patched the AICloud holes.

 

[Tech9]

To configure it as AiMesh Node you have to reset it back to factory defaults. You are going to end up with updated firmware blank router after. A backup router is usually something pre-configured and ready to go in case of failure. So it comes down to what your understanding of "backup router" is.

 

[iFrogMac]

To configure it as AiMesh Node you have to reset it back to factory defaults. You are going to end up with updated firmware blank router after. A backup router is usually something pre-configured and ready to go in case of failure. So it comes down to what your understanding of "backup router" is.

Right, I was going to factory reset it, and do it as an AIMesh mode, as far as what I consider a backup is just having another router on hand, even if i have to set it up fresh. I can also connect it to my laptop and save my current config and then re upload it if I need to use the router again. I don't use the laptop much anymore so it's good for quick jobs like this locally without taking the network down. I could also do the firmware update this way as well, as long as the 86U zip file is good and not corrupted as the BE92U one on the site that people were reporting having issues with.

My main question was, based on the reports people were posting and having to go back to resolve the issues, should I just skip this update, and leave the 86U on it's current firmware.

 

[Tech9]

For a router just sitting on your shelf powered off - it doesn't matter. I personally don't remember what firmware I loaded last on my own RT-AX86U. If you're okay with a blank spare router - just update it off-line and reset it, keep it in factory default state. No need to touch your working network for this.

 

[iFrogMac]

For a router just sitting on your shelf powered off - it doesn't matter. I personally don't remember what firmware I loaded last on my own RT-AX86U. If you're okay with a blank spare router - just update it off-line and reset it, keep it in factory default state. No need to touch your working network for this.

Thanks, that's the plan, I'll just update. offline as I've done before at least once, and just save it until needed.

 

[kjoshj]

This setting doesn’t make much sense anyway. Your network is as secure as WPA2-Personal with extra complication on top. Your smart plugs are perhaps Wi-Fi 4 and don’t support WPA3.

This is not true from what I understand, while network access is only as secure as WPA2, any device that is connected via WPA3 cannot have its traffic viewed by a device that has only broken WPA2. Yes it doesn't prevent rogue access like full WPA3, but if its data in the air waves from a WPA3 capable device that is the concern the WPA2/WPA3 setting is better.

 

[Tech9]

This is not true from what I understand

I'm totally fine with someone else's understanding of things and eventual common issues resulting from it. Asus routers use WPS connections for AiMesh node discovery, it stays active after and the code can be cracked in hours. If someone in Wi-Fi reach really wants to get on the network the few phones connected with WPA3 won't make any difference. They are not subject of interest anyway.

 

[bbunge]

This is not true from what I understand, while network access is only as secure as WPA2, any device that is connected via WPA3 cannot have its traffic viewed by a device that has only broken WPA2. Yes it doesn't prevent rogue access like full WPA3, but if its data in the air waves from a WPA3 capable device that is the concern the WPA2/WPA3 setting is better.

Mmmm...maybe not. I ran WPA2/WPA3-Personal on my AX86U when it was new for me. I did have issues with some older clients that did not like that configuration that I solved by adding a guest WIFI with just WPA2-Personal. But, every time a minor change was made to the router, several other "newer" clients would not connect. In time I got tired of this and went back to WPA2-Personal which is the Asus default.
Now, if I had all spiffy new clients that would support WPA3-Personal, there is a chance I might set the router to WPA3-Personal. Then again...
Network WIFI security is an environment specific need. I live in a community of mostly seniors who do not have a clue about WIFI network. The ISP's set up the WIFI and that is it.

 

[Tech9]

mostly seniors

All undercover hackers capturing your air waves all day long simply because they have nothing else to do.

 

[kjoshj]

@Tech9, I completely get it; I don't think it's worth the complications and I am not using it myself, but the way you said:
"Your network is as secure as WPA2-Personal with extra complication on top."

This to a reader would be understood to mean that there is no security benefit at all to using WPA3 mixed-mode. As I agreed with you, it's known that it doesn't make it any harder than plain WPA2 for someone to get on the network. However the traffic itself to the WPA3 clients should be executed differently in mixed-mode. It's definitely a niche case, but gives the extra paranoid an option until all their clients are WPA3 capable.