Release Asus ZenWiFi CT8 - New Firmware: 3.0.0.4.386.45934

[SandboxHaze]

ASUS ZenWiFi CT8 Firmware version 3.0.0.4.386.45934
1. AiMesh 2.0
- System optimization: one click in AiMesh to optimize the topology
- System Ethernet backhaul mode, all nodes will only connect by ethernet, all bands will be released for wireless clients.
- System factory default and reboot.
- Client device reconnect, make the device to offline and online again.
- Client device binding to specific AP.
- Guest WiFi on all Mesh nodes (all node need to upgrade to 3.0.0.4.386 firmware)
- Access nodes USB application.

Connection priority and Ethernet backhaul mode introduction

[AiMesh] What is Ethernet Backhaul Mode/Backhaul Connection Priority in AiMesh System and how to set up in different scenarios? | Official Support | ASUS Global

How to setup ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions

[AiMesh] How to set up ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions ? (Advanced setup with network switch) | Official Support | ASUS Global

2. New Family interface in ASUS router App.
ASUS Router App for iOS must greater or equal to iOS v1.0.0.5.75
Android version greater or equal to v1.0.0.5.74

3. The unit of the WiFi time scheduler goes to 1 minute.

4. Support IPSec IKE v1 and IKE v2, and you can use the Windows 10 native VPN client program to connect to the router's IPSec VPN server. The Windows 10 new FAQ is in https://www.asus.com/support/FAQ/1033576

5. 2.4 and 5G on the network map could be configured in the same tab.

6. Captcha for login can be disabled in administration -> system.

7. Printer server port can be disabled on the USB app page.

8. Clients which connect to the guest network can be viewed in the network map -->view list --> interface

9. Fix Let's Encrypt not working properly.

10. Add IPTV supports for specific region.

Security fixes:

1. Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

2. Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution.

3. Fixed DoS vulnerability from spoofed sae authentication frame. Thanks for Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.

4. Fixed Stored XSS vulnerability.

5. .Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean

6. BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

7. cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

8. Lighttpd
- CVE-2018-19052

9. Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

10. lldpd
- CVE-2020-27827

11. Avahi
- CVE-2017-6519

12. hostapd
- CVE-2021-30004
- CVE-2019-16275

13. OpenVPN
- CVE-2020-11810
- CVE-2020-15078

14. wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

15. Fixed httpd vulnerability
Thanks to Wei Fan contribution.

16. Fixed stack overflow vulnerability

17. Fixed DoS vulnerability
Thanks to 360 Future Security Lab's contribution.

Please unzip the firmware file first then check the MD5 code.
MD5:1ea263bfdf97fd5e608ddebb27b1804d

Download: https://dlcdnets.asus.com/pub/ASUS/wireless/ZenWiFi_CT8/FW_ZENWIFI_CT8_300438645934.zip

 

[mr.win]

This firmware update 3.0.0.4.386_45934-gb23bdac on my ZenWiFi AC (CT8) is one 1 big bucket of misery...
After Auto Firmware Upgrade , everything went very smoothly. The new features were desired and I was really happy to see that I could finally prioritize topology of nodes (which nodes connect to where) and also direct the devices to which nodes to connect to. But what happened was that nodes randomly started disconnecting and rebooting, devices that randomly connect to other nodes with yellow exclamation marks on nodes it shouldn't connect to. Nodes that are tied together in a completely illogical order, causing the whole house (3x CT8 (1x router, 2 x nodes)) to have a bad connection. Sometimes it switches back to desired topology but then a few minutes later the nodes go offline again, blink blue and then randomly come back online and finally repeat this constantly. After throwing away 2 days of my life, I'm done with it. Now go back to previous firmware that was also not perfect but at least was stable for some time. ASUS what are you doing?

I often see in the log file: : kernel: "mac-adres" not mesh client, can't delete it

In the attecment you can see all the all possible topology scenarios that the system does randomly after connection is lost and the light on the device starts flashing blue and then contact with new topolgy

 

[OzarkEdge]

This firmware update 3.0.0.4.386_45934-gb23bdac on my ZenWiFi AC (CT8) is one 1 big bucket of misery...
After Auto Firmware Upgrade , everything went very smoothly. The new features were desired and I was really happy to see that I could finally prioritize topology of nodes (which nodes connect to where) and also direct the devices to which nodes to connect to. But what happened was that nodes randomly started disconnecting and rebooting, devices that randomly connect to other nodes with yellow exclamation marks on nodes it shouldn't connect to. Nodes that are tied together in a completely illogical order, causing the whole house (3x CT8 (1x router, 2 x nodes)) to have a bad connection. Sometimes it switches back to desired topology but then a few minutes later the nodes go offline again, blink blue and then randomly come back online and finally repeat this constantly. After throwing away 2 days of my life, I'm done with it. Now go back to previous firmware that was also not perfect but at least was stable for some time. ASUS what are you doing?

I often see in the log file: : kernel: "mac-adres" not mesh client, can't delete it

In the attecment you can see all the all possible topology scenarios that the system does randomly after connection is lost and the light on the device starts flashing blue and then contact with new topolgy

Have you tried a fixed (not Auto), non-DFS channel at 80 MHz... maybe it will settle down.

OE

 

[mr.win]

at the moment i am near despair, want to try everything as long as i have stable home network for my family.

 

[mr.win]

Have you tried a fixed (not Auto), non-DFS channel at 80 MHz... maybe it will settle down.

OE

Setting it now.

 

[mr.win]

Oke after setting to control channel 112 @ 80Mhz, the node at the second floor dont want to come online.
I put that node now at the ground floor and i wont come up OMG.....

 

[OzarkEdge]

Setting it now.

If you are in the US, ch 112 is a DFS channel:

OE

 

[mr.win]

I'm living in the netherlands (europe)...

 

[OzarkEdge]

I'm living in the netherlands (europe)...

If you want to work on this here, you should probably start your own thread in the AX forum.

OE

 

[mr.win]

If you want to work on this here, you should probably start your own thread in the AX forum.

OE

For tje record we ate talking here about the ASUS ZenWiFi AC (CT8)

 

[OzarkEdge]

For tje record we ate talking here about the ASUS ZenWiFi AC (CT8)

OK then, the AC forum. The point is to not hijack this thread.

OE

 

[Mineria]

Ran into the same issues, rolling back to previous firmware on all devices solved it.

EDIT:
I'm not using any of the additional features like USB Application, AiProtection, Adaptive QoS, AiCloud, IPv6, VPN or other things that can be used from WAN to LAN, so I disabled all of it.
For some reason ASUS decided to have some security sensitive features enabled by default with this firmware update, like WAN access to the router itself.

1. Mesh nodes some times drop to 2.4GHz instead of sticking to the backhaul bands 5GHz.
2. Lot of fluxation in down/upload speeds and disconnects
3. WEBUI acts very slugish on some pages
4. Router log shows that it checks for updates more frequent

Core and memory utilization look fine, also nice to see additional features added like DNS TLS, just a shame that the firmware isn't stable with a WiFi backhaul.

 

[mr.win]

OK then, the AC forum. The point is to not hijack this thread.

OE

Oh oke, also when I think it's specifically this firmware release related issues?

 

[OzarkEdge]

Oh oke, also when I think it's specifically this firmware release related issues?

Then revert to a previous working firmware version and wait for the next release.

OE

 

[Mineria]

Oh oke, also when I think it's specifically this firmware release related issues?

If you got the new firmware via the routers update feature try to upload the firmware manually to each device starting with the nodes instead.
Seems that the routers update feature caused havoc on my end, so just started from scratch and uploaded manually instead, seems stable so far.
Neither does it enable a lot of what I mentioned earlier, really weird that the manual upload makes so much of a difference.

EDIT: Everything works fine now, no idea what happened when I did let my Zen CT8 system (1 router + 2 nodes) update itself.

 

[mr.win]

If you got the new firmware via the routers update feature try to upload the firmware manually to each device starting with the nodes instead.
Seems that the routers update feature caused havoc on my end, so just started from scratch and uploaded manually instead, seems stable so far.
Neither does it enable a lot of what I mentioned earlier, really weird that the manual upload makes so much of a difference.

EDIT: Everything works fine now, no idea what happened when I did let my Zen CT8 system (1 router + 2 nodes) update itself.

did you first factory reset and then uploaded manually the new firmware?

 

[RogerSC]

did you first factory reset and then uploaded manually the new firmware?

No, flash first, then factory reset and manually reconfigure; i.e. flash the all nodes first, then the router last. Then reset the nodes, then the router. And you should be able to use the Asus Router app on your phone to set up the mesh again. Then I tend to go to the web admin interface to do the fine tuning once the mesh is running again, seems easier to find settings in the web interface.

 

[Mineria]

did you first factory reset and then uploaded manually the new firmware?

No, a factory reset would wipe all settings, not up for manually restoring everything.

There are probably CLI options which can be used to export a editable configuration, didn't look into that part since it completely differs from what I'm used to (HP/Cisco CLI).

 

[SandboxHaze]

Just noticed today that IPV6 Native does not work for this firmware. I tried going back to a previous firmware and it works fine. Is this happening to anyone else?

 

[thorstenS1]

Made the mistake of upgrading - and been having grief since then.
Random blue light flashing on nodes, packet loss, mobile device lose connection, apple won't connect etc. etc. Quite a nightmare and family very unhappy allround.
Decided to downgrade all the way back to 42095 and see whether this brings back some stability....