Release Asus ZenWiFi Pro XT12 3.0.0.4.388_24177

[KevTech]

ASUS ZenWiFi Pro XT12｜Whole Home Mesh WiFi System｜ASUS USA

Mesh wifi 6 system for whole home signal coverage, network security, parental controls, easy setup and manage. PS5 compatible, supports QoS and app control

www.asus.com

Direct Link:

https://dlcdnets.asus.com/pub/ASUS/wireless/ZenWIFI_XT12/FW_ZENWIFI_XT12_300438824177.zip?model=ZenWIFI%20Pro%20XT12

Please unzip the firmware file, and then verify the checksum.
SHA256: a97b2ca1f687fe09a9fefa8f3fbd0e53e6360636fdf829cd8c284236d4cbd822

New features:
- Built-in Surfshark in VPN Fusion allows you to surf the internet anonymously and securely from anywhere by encrypting connections.
Please refer to https://asus.click/SurfsharkVPN
- DDNS transfer allows you to transfer your ASUS DDNS hostname from your original router to the new one.
Please refer to https://asus.click/ASUSDDNS

Bug fixes and functionality modifications:
- Resolved the issue with login and password changes.
- Resolved the IPSec VPN connection issues.
- Resolved the Instant Guard connection issues.
- Fixed the issue where Traffic Analyzer sometimes couldn't record data.
- Fixed the time display issue for the preferred upgrade time in the Auto Firmware Upgrade function.
- Fine-tuned the description for port status.
- Enabled DynDNS and No-IP DDNS to use IPv6.
- Fixed AiMesh preferred AP identification in site survey results.
- Updated timezone list for Greenland, Mexico, and Iran.
- Allowed WireGuard Server clients to access the Samba server.
- Fixed memory leak issue.
- The ARP response issue has been resolved, along with the connection issue between the router and the ROG Phone 6 and 7.
- Resolved the issue where the USB path is not displayed on the Media Server page in the AiMesh node
- Ensured consistent display of client status on the WireGuard server.
- Enhanced system stability when accessing the WireGuard Server with DMZ enabled.
- Improved stability when enabling or disabling the WireGuard server.
- Addressed an issue that prevented clients from accessing the network when setting up the OpenVPN server in TAP mode.
- Optimized memory utilization and fixed an occasional server error when registering DDNS with an app.
- Corrected a bug encountered when adding a rule to the Network Services Filter.

Security updates:
- Enabled and supported ECDSA certificates for Let's Encrypt.
- Fixed DoS vulnerabilities in firewall configuration pages.
- Fixed DoS vulerabilities in httpd.
- Fixed information disclosure vulnerability.
- Fixed null pointer dereference vulnerabilities.
- Fixed token authentication security issues.
- Fixed security issues on the status page.
- Fixed Client DOM Stored XSS.
- Upgraded to the latest dropbear version.
- Fixed a stack overflow vulnerability.

 

[glenord]

Finally!

 

[mpilhall]

At last! So far seems stable and good (12 hours use)..!

 

[philw12]

Thanks. Ok, so this morning I woke up to no WiFi. But my ISP was doing planned work so I assumed it was them. They said it wasn't them, and I'm fairly sure they're correct (I could still ping google if I didn't use the local DNS, which was completely foo-bared. At this point I could login to the router.

I rebooted both my ISP modem and then my XT12 Pro (correct sequence; been here before). The Asus had been stable if not defect free on 9.0.0.6.102.4856. I had found older production firmware unusable.

Now... everything works again, but... I can't log in to the router from Android or Web GUI. It says my credentials are wrong, which isn't true because I use a password manager and as this is a local-only password I can even remember the sucker. This ain't early onset finger trouble.

=> I reckon the Asus update may have been automatic, and I'm possibly using new production [24177] firmware, and that may be using different keys for password encryption.


(1) Does anyone know how to deduce the firmware version without being able to log in? I can't find "24177" in the HTML, but maybe there's something in there I can see which will verify which version the Asus is running, without me being actually logged in. I didn't think I had auto-firmware update set.

(2) If the above analysis is correct, I guess I'm going to have to factory reset the thing then restore the last config backup. If I do that, can anyone tell me the default username / password?

(3) I suppose as I'm going to have to nuke & restore it, I could switch at this point to Merlin. Does anyone know if that's (a) sensible; and (b) will use the same config file the stock beta firmware writes?

thanks in advance, I will post how it works out

 

[KevTech]

No issues so far and with all the changes I did a factory reset.

 

[philw12]

Ok, long story short on mine:

1. For some reason - probably a forced Asus update which failed - my router stopped recognising my credentials the same day they released new firmware. The default asus/asus didn't work. Simultaneously users also reported "network is down", which some of it certainly was in a strange way (the router was bust; the modem and network were fine).
   
   
2. Eventually I found the Asus factory reset instructions don't work, but press "reset" for 3 seconds does, and I could get in with admin/admin. Guys, that's unprofessional.
   
   
3. I restored my config at that point... and my old credentials started working immediately, of course.
   
   
4. I was on the Beta firmware (because the old production just wouldn't work well enough). I was still on it after the above waste of time.
   I manually switched to today's new production firmware, because they'd only force it on me at a time not of my choosing again.
   I'd rather be here when it breaks.
   

I am guessing that am Asus forced update probably failed part way through because my ISP was doing planned works last night. Which is why people put "do not auto update" buttons in routers. I think Asus ignored that.

 

[KevTech]

Ok, long story short on mine:

1. For some reason - probably a forced Asus update which failed - my router stopped recognising my credentials the same day they released new firmware. The default asus/asus didn't work. Simultaneously users also reported "network is down", which some of it certainly was in a strange way (the router was bust; the modem and network were fine).
   
   
2. Eventually I found the Asus factory reset instructions don't work, but press "reset" for 3 seconds does, and I could get in with admin/admin. Guys, that's unprofessional.
   
   
3. I restored my config at that point... and my old credentials started working immediately, of course.
   
   
4. I was on the Beta firmware (because the old production just wouldn't work well enough). I was still on it after the above waste of time.
   I manually switched to today's new production firmware, because they'd only force it on me at a time not of my choosing again.
   I'd rather be here when it breaks.

I am guessing that am Asus forced update probably failed part way through because my ISP was doing planned works last night. Which is why people put "do not auto update" buttons in routers. I think Asus ignored that.

Restoring a config from the beta should not be done.
I don't see how anything auto updated unless you had it turned on.

 

[juswil]

Well at least he XT12 is getting updates. Think im gonna drop ASUS all together. Expensive router with finicky beta software and slow official updates.

 

[philw12]

Restoring config: the trick is in my text but not spelled out: restore the Beta config after a factory reset, so you're restoring it into the same Beta version it was saved from. Then do the manual update from Beta to production.
The good news is that the new firmware appears massively better than either the old production or beta versions.
Some of the changes are listed above. Stuff I've really noticed:

• It's noticeably quicker. The old XT12 stuff was noticeably slow even with basic UI stuff. It feels a lot snappier.
• The old "Asus router doesn't know what's connected to it" discussed here is fixed.
• My complex config was "upgraded" cleanly from the beta to the production, so none of the detailed VPN settings etc are lost and everything works. And I didn't have to screen shot the entire thing and type it all in again. Nice when that's done right.
• Traffic Analyzer/ QoS stuff (previously turned off by me in Beta) is an exception - those come up "turned on", and look more useful than in the previous firmwares.
• The "guest network" (multiple SSIDs...) thing has had a UI makeover from the Beta. It's still a bit weird (and weirdly named), but is functionally the same. On a modern screen you can see all the SSIDs at once.
• My XT12 had some flaky things with 5GHz "guests" being unable to connect; I never quite got to the bottom of the defect, but it's fixed now.

So for me this looks like a big step forward. I'm kind of shocked at the previous production version's problems, which were quite severe.

 

[KenKong]

So I'm not as knowledgeable as most here but I'm learning. The biggest improvement that I see with this release is the client switching. They switch when they should & do it faster. Previous versions, roaming clients would hang on for dear life to the crap signal of furthest node while I'm standing next to one. Occasionally some clients would switch, but most of the time the only way I could get those devices to switch to the closer node was to turn off/on client wifi. It doesn't do that anymore, they switch on their own. Newer clients it's almost immediate, older clients usually within 30 seconds to a minute. I had a dead spot in 4th/5th garage bay & the smart coach lights were constantly dropping. They still have a weak signal, but they never drop anymore. Someone else mentioned the GUI is quicker, I agree, it is. Entire system seems more stable. Full system reboot is faster. I have seen zero detrimental effects yet, only positive. Bravo Asus!

 

[M@rcoPolo]

Could someone using a US version of the XT12 with the latest firmware confirm if under Wireless > Professional you see a "Region" option (should be at the very bottom of the Professional list) ??

And if you do, which countries are listed there?

 

[RMerlin]

Could someone using a US version of the XT12 with the latest firmware confirm if under Wireless > Professional you see a "Region" option (should be at the very bottom of the Professional list) ??

And if you do, which countries are listed there?

That option won`t be available on any US router, as the FCC requires locking down the region.

 

[KevTech]

I have noticed an issue with this firmware in the system log DHCP Leases tab.
All of the leases say 24:00:00 and never change.
Clicking on refresh does not change them either.
Went back to 22127 to test and the leases work correctly counting down the lease time.
Will report to Asus.

 

[tabularasa415]

First post (long time creeper)...

I have been running 22127 for a long while now and saw the upgrade come out. I have 3 XT12s and utilize wireless backhaul (2nd 5ghz dedicated). I did a fresh install of 24177 and factory reset the other two nodes. Updated them for my network (2.4/5/guest 2.4) in hopes that I would get better speeds. Woof. What a terrible experiment. It started great and faster, but the whole thing quickly fell apart -- gave it plenty of time to "settle," but it was just crazy buggy. I then downloaded merlin 388.5 and that wasn't much better. Long story short, I came back to 22127 very quickly. Just curious if anyone had a similar experience?

 

[L&LD]

Welcome to the forums @tabularasa415.

What do you consider a fresh install?

 

[tabularasa415]

Welcome to the forums @tabularasa415.

What do you consider a fresh install?

Fair question! I uploaded the firmware and factory reset each unit. I reconfigured the router unit with my network settings (just my network names and passwords -- don't really tweak anything like some folks do), then re-added each of the other two nodes one by one.

 

[L&LD]

You may want to do similar with the 388.6 Beta 1 (or not!) if you're looking for the latest version for your model.

You may not want to stay on a Beta, but you may find it solves your stability issues.

 

[KevTech]

Long story short, I came back to 22127 very quickly.

Just be aware of the security issues in 22127 that were fixed in 24177.
Security updates:
- Enabled and supported ECDSA certificates for Let's Encrypt.
- Fixed DoS vulnerabilities in firewall configuration pages.
- Fixed DoS vulerabilities in httpd.
- Fixed information disclosure vulnerability.
- Fixed null pointer dereference vulnerabilities.
- Fixed token authentication security issues.
- Fixed security issues on the status page.
- Fixed Client DOM Stored XSS.
- Upgraded to the latest dropbear version.
- Fixed a stack overflow vulnerability.