ASUS urges customers to patch critical router vulnerabilities
- Thread starter XIII
- Start date
ColinTaylor
Part of the Furniture
Asus doesn't read these forums.
Tech9
Part of the Furniture
Your ZenWiFi Pro ET12 will have 3.0.0.6 Pro firmware available soon.
Is anyone running this latest firmware (stock Asus) on AX58U ? I am a few revisions behind (firmware dated January 2023 I believe) because the revision after that broke my 2.4 band. All my smart devices, cameras etc.. which only use 2.4 kept disconnecting and the router needed rebooting 1-2 times per day. I was fine running the older firmware to keep things stable but now with this vulnerability it seems I am running a risk by doing that. Curious if anyone else experienced this and if they still are with this latest firmware? Thank you!
TikingAlien007
Occasional Visitor
Ok, I was originally looking for answers about the patched CVE's but after reading all 3 pages of this thread, I'm even more confused that before I started reading it.
I have checked the details log for my router and some of them are included in the official ASUSWRT firmware like CVE-2023-28702 and CVE-2023-28702 but when I checked the Merlin's Changelog, I couldn't find them.
l also noticed that the latest official ASUSWRT firmware is a few months old but Merlin's one was released a month after but still doesn't have the above listed CVE's that are included in its official firmware from ASUS. I noticed that some features may vary between ASUS's official firmware and the Merlin's one but the said vulnerable components for example like Netatalk are still used by both but there are no fixes for it on the Merlin's firmware going by the changelog ?
Am I missing something here ?
I have checked the details log for my router and some of them are included in the official ASUSWRT firmware like CVE-2023-28702 and CVE-2023-28702 but when I checked the Merlin's Changelog, I couldn't find them.
l also noticed that the latest official ASUSWRT firmware is a few months old but Merlin's one was released a month after but still doesn't have the above listed CVE's that are included in its official firmware from ASUS. I noticed that some features may vary between ASUS's official firmware and the Merlin's one but the said vulnerable components for example like Netatalk are still used by both but there are no fixes for it on the Merlin's firmware going by the changelog ?
Am I missing something here ?
I don't document security fixes unless I'm the one fixing them, as I have no way of keeping track of which issues are fixed in a specific GPL drop from Asus. You will have to look at the GPL version used in a specific firmware release, then look at Asus' own changelogs.
TikingAlien007
Occasional Visitor
As I'm new to how you operate changelogs here, any guidance on it would be great.
Jbennett360
Senior Member
Still nothing for the AX86U/S. Bit weird
It already had most of the fixes listed from the may update.
These alerts are mostly for people who never update their firmware.
Similar threads
- Locked
- Locked
- Locked
Similar threads
Similar threads
-
-
-
Asus RT-AC5300 met lan switch shows only wifi data active and count only wifi
- Started by Godley
- Replies: 0
-
-
Are all ASUS routers on the 3.0.0.6.102 codebase guaranteed to support VLAN Management & Guest Network Pro?
- Started by YRTFS
- Replies: 10
-
Replacing an AX86U Pro - GT-AX11000/GT-AXE16000/Asus RT-BE86U?- Started by Zakalwe
- Replies: 2
-
-
So sorry if this has been asked before but is this how you revert back to asus stock firmware?
- Started by Thelastone
- Replies: 11
-
-