Release ASUS RT-AX86U Firmware version 3.0.0.4.386.46061 (2022/01/11)

[tallytr]

I am bored, I want a new firmware, now!

 

[Paliv]

I am bored, I want a new firmware, now!

As long as it doesn’t brick anything I’m game!

 

[tallytr]

I can see what Asus is doing, no more new firmware for AX86U...they want us to upgrade to AX6000

 

[neil0311]

I can see what Asus is doing, no more new firmware for AX86U...they want us to upgrade to AX6000

I just bought a AX86U, so I hope that’s not the case.

 

[tallytr]

I just bought a AX86U, so I hope that’s not the case.

Pretty sure they will release an update shortly with new security related patches, having said that, if I were Asus I would take my time, no need to rush anything, especially with the recent update "bricking" some routers...
I take a stable firmware any day over a "bricked" router.
The AX86U has been my best router by far.

 

[visortgw]

Pretty sure they will release an update shortly with new security related patches, having said that, if I were Asus I would take my time, no need to rush anything, especially with the recent update "bricking" some routers...
I take a stable firmware any day over a "bricked" router.
The AX86U has been my best router by far.

The RT-AX86U was my best router so far until I replaced it with the GT-AX6000 (and upgraded my backbone to 2.5 Gbps), using the Merlin firmware — I relegated my RT-AX68U to its current role as an AiMesh node using the latest Asus baseline firmware. I have Spectrum 1 Gbps down/35 Mbps up cable connection — over the past month since upgrading to the GT-AX6000, I am averaging 1.1 Gbps down/40 Mbps up (yes, more than the advertised rates). I use a TP-Link TL-SG3210XHP-M2 10-port (8 2.5 Gbps RJ-45 ports plus 2 10 Gbps SFP+ ports) managed switch — the TRENDnet TEG-S380 8-port unmanaged switch does not forward VLAN tags necessary to fully support AiMesh guest network 1, and the TP-Link TL-SG108-M2 8-port unmanaged switch was simply unavailable (TP-Link unmanaged switches typically forward VLAN tags). I also added Cable Matters 2.5 Gbps USB-to-Ethernet adapters (Realtek RTL8156B chip) for my Synology NASs, greatly improving their performance — using iperf3 to test, I can realize 2.46 Gbps NAS-to-NAS.

 

[Suresh]

Will the next FW have support for WireGuard?

 

[L&LD]

Crystal ball is still broken, check stickies.

 

[OzarkEdge]

Same issue on my own network... looking forward to the next firmware.

OE

I have since confirmed this issue first mentioned here on my AiMesh and two standalone router installations.

Looking forward to the next release!

OE

 

[SAL9K]

The RT-AX86U was my best router so far until I replaced it with the GT-AX6000 (and upgraded my backbone to 2.5 Gbps), using the Merlin firmware — I relegated my RT-AX68U to its current role as an AiMesh node using the latest Asus baseline firmware. I have Spectrum 1 Gbps down/35 Mbps up cable connection — over the past month since upgrading to the GT-AX6000, I am averaging 1.1 Gbps down/40 Mbps up (yes, more than the advertised rates). I use a TP-Link TL-SG3210XHP-M2 10-port (8 2.5 Gbps RJ-45 ports plus 2 10 Gbps SFP+ ports) managed switch — the TRENDnet TEG-S380 8-port unmanaged switch does not forward VLAN tags necessary to fully support AiMesh guest network 1, and the TP-Link TL-SG108-M2 8-port unmanaged switch was simply unavailable (TP-Link unmanaged switches typically forward VLAN tags). I also added Cable Matters 2.5 Gbps USB-to-Ethernet adapters (Realtek RTL8156B chip) for my Synology NASs, greatly improving their performance — using iperf3 to test, I can realize 2.46 Gbps NAS-to-NAS.

Say you have a ISP plan capped at <= 2Gbps, can someone explain the performance differences between:

1.) AX86U WAN/LAN4 dual 1GbE WAN aggregation (w/ WAN aggregation capable cable modem), and 2.5GbE for LAN duty

vs.

2.) The AX6000 w/ dual 2.5GbE WAN/LAN??

Why is dual 2.5GbE so desirable with internet <= 2Gbps?? I feel like I'm missing some critical detail with the way WAN aggregation works. Is a single-client (w/ single TCP socket) connection on the 2.5GbE LAN side limited to 1GbE across the WAN aggregation?

 

[OzarkEdge]

Say you have a ISP plan capped at <= 2Gbps, can someone explain the performance differences between:

1.) AX86U WAN/LAN4 dual 1GbE WAN aggregation (w/ WAN aggregation capable cable modem), and 2.5GbE for LAN duty

vs.

2.) The AX6000 w/ dual 2.5GbE WAN/LAN??

Why is dual 2.5GbE so desirable with internet <= 2Gbps?? I feel like I'm missing some critical detail with the way WAN aggregation works. Is a single-client (w/ single TCP socket) connection on the 2.5GbE LAN side limited to 1GbE across the WAN aggregation?

I would assume not much practical difference, barring unknown overhead, except a hard 2.5GbE port is likely easier to implement and inherently more reliable than using aggregated ports and cables.

OE

 

[MarWell]

Will the next FW have support for WireGuard?

I'm looking for this info as well, anyone can give us a little update?

 

[bbunge]

I'm looking for this info as well, anyone can give us a little update?

Likely not. Asus has enough issues with AX86U/S firmware. New features may be on hold.

 

[Smedley]

Does the AX86U remain vulnerable to the Sandworm Botnet since we've been rolled-back to the January 46061 firmware?
FBI Takes Down Russian GRU Sandworm Botnet

ASUS and Watchguard are the two manufacturers noted in the article

 

[RMerlin]

Does the AX86U remain vulnerable to the Sandworm Botnet since we've been rolled-back to the January 46061 firmware?
FBI Takes Down Russian GRU Sandworm Botnet

ASUS and Watchguard are the two manufacturers noted in the article

No, only firmware 384.xx and below were targeted by it, as per Asus' security advisory.

 

[SAL9K]

No, only firmware 384.xx and below were targeted by it, as per Asus' security advisory.

Also, didn't the router "Enable Web Access from WAN" need to be enabled (which is disabled by default) for the Cyclops Blink malware to take?

Seems like the best way to mass-infiltrate a consumer router network, is to hack the Asus firmware delivery server, and surreptitiously place infected f/w. Is this what happened on the last AX86U f/w that bricked peoples routers?? I AM ONLY JOKING, for the record. But, do check those MD5's, people!

 

[RMerlin]

Also, didn't the router "Enable Web Access from WAN" need to be enabled (which is disabled by default) for the Cyclops Blink malware to take?

The infection vector was never publicly disclosed, so it's unknown if it was required or not.

Seems like the best way to mass-infiltrate a consumer router network, is to hack the Asus firmware delivery server, and surreptitiously place infected f/w.

I don't know if it's currently in use for firmware updates, but the firmware code has provision for supporting RSA signing validation. They already use it for Trend Micro signature updates.

 

[AStaUK]

Also, didn't the router "Enable Web Access from WAN" need to be enabled (which is disabled by default) for the Cyclops Blink malware to take?

Seems like the best way to mass-infiltrate a consumer router network, is to hack the Asus firmware delivery server, and surreptitiously place infected f/w. Is this what happened on the last AX86U f/w that bricked peoples routers?? I AM ONLY JOKING, for the record. But, do check those MD5's, people!

A supply chain attack would be my biggest fear with any sort of auto firmware update, I know you were only joking but I seem to recall Asus were caught out with something like this a few years back with updates to their Live Update software.