What's new

Auto Firmware Upgrade made official - a new Note in Asus FAQ

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Tech9

Part of the Furniture
In this Firmware Update FAQ:


... a new Note appeared recently:

1686536042567.png


This gives you an explanation why your router auto upgraded to different* Asuswrt version even with Auto Firmware Upgrade set to OFF.

* - When/if it happens I'm assuming it will auto update to the latest firmware version available and not to the minimum required only.
 
That's probably assuming wrong. That is not what is stated.
 
In this Firmware Update FAQ:


... a new Note appeared recently:

View attachment 50891

This gives you an explanation why your router auto upgraded to different* Asuswrt version even with Auto Firmware Upgrade set to OFF.

* - When/if it happens I'm assuming it will auto update to the latest firmware version available and not to the minimum required only.

Translated - next time we screw up we can try to cover it up.
 
Fun! The thing that drove me off Netgear WAPs was forced firmware updates (first to a version that was significantly flakier, and then to one that bricked the main router entirely, with no option to downgrade after either one). Not good to see ASUS traveling that path.
 
I remember two forced auto upgrade threads, routers with Auto Firmware Upgrade set to OFF.

GT-AXE11000


GT-AX6000


Perhaps this is going to start happening more often.

Perhaps Auto Firmware Upgrade option will disappear at some point.
 
I remember two forced auto upgrade threads, routers with Auto Firmware Upgrade set to OFF.

GT-AXE11000


GT-AX6000


Perhaps this is going to start happening more often.

Perhaps Auto Firmware Upgrade option will disappear at some point.

Custom firewall script to block asus update servers :)
 
No custom scripts in Asuswrt and URL Filter applies to clients only. I remember playing with this some time ago.

If you block the servers you are going to mess up other things. RMerlin was showing multiple places the servers are present in Asuswrt code and this is only what's visible. They are for sure involved with closed source components as well. AiMesh page for example is checking for new firmware every time you open it and even triggers the notification in Asuswrt-Merlin with new firmware checking disabled. This one is fixable, but in Asuswrt?
 
No custom scripts in Asuswrt and URL Filter applies to clients only. I remember playing with this some time ago.

If you block the servers you are going to mess up other things. RMerlin was showing multiple places the servers are present in Asuswrt code and this is only what's visible. They are for sure involved with closed source components as well. AiMesh page for example is checking for new firmware every time you open it and even triggers the notification in Asuswrt-Merlin with new firmware checking disabled. This one is fixable, but in Asuswrt?

Should be able to block it in iptables even if it sources from the router itself. But as you say, it may impact other things.

Since Merlin does not auto-update, those who want to prevent that can just run Merlin. We'll see if it actually becomes an issue or not (and if it actually ignores your setting for auto update or not). Guess Asus is taking the Apple (and later, windows) approach - "we know better than you and it is for your own good". Maybe the router will download a free U2 album.
 
I do not see this as a bad thing. For the few who play constantly with their electronics and are obsessed with security, sure, it is a problem. For the rest of the clueless world of users it is good. And ultimately good for us by trying to prevent security issues with the clueless crowd. You may feel differently and that is OK, too.
 
New note perhaps, but old news. Mining footnotes in ASUS FAQs for 'official' fault finding seems like a waste of time to me.

OE
 
For the few who play constantly with their electronics and are obsessed with security, sure, it is a problem.

In this community it's seen as a problem. In general - not a bad thing, but quality control must be improved. For negative effect examples of early auto upgrade implementation see Google Nest and Amazon eero feedback. Or recent ASD update on Asus routers. I personally believe it will become mandatory industry wide for all manufacturers.

The point of this thread is to clear the doubts and save further questions if Asus routers can auto upgrade with Auto Firmware Upgrade set to OFF. We had examples of this happening in the past, now we have confirmation from Asus this is a real possibility. This actually started in 2020 with RT-AC86U found auto upgrading even before Auto Firmware Upgrade option was made available in settings.

Since Merlin does not auto-update, those who want to prevent that can just run Merlin.

Yes. The number of supported models is limited though.
 
"we know better than you and it is for your own good"

The worst example of this is printer with Internet connection auto upgrading firmware with one sole purpose to block eventual use of "unauthorized cartridges" masked behind "improved print quality". All printer manufacturers have this type of firmware upgrades with HP leading the pack.
 
The worst example of this is printer with Internet connection auto upgrading firmware with one sole purpose to block eventual use of "unauthorized cartridges" masked behind "improved print quality". All printer manufacturers have this type of firmware upgrades with HP leading the pack.

They ended up having to roll one of those back (or undo it with an updated firmware). Amazon was sending out international cartridges to US people and those printers got locked as international and could no longer use US cartridges. HP has had a lot of blunders with their attempts to force you to pay full US retail price. There's been a few FTC investigations but as long as they keep contributing to the right politicians it will keep going on.
 
I know this is slightly off topic since it is not Asus but eero related.

In the past, they updated “supposedly” during off peak times but that was a moving target depending on the environment.

In the latest firmware updates for the eero platform you can now specify a time when you want the new firmware installed.
 
Asuswrt has that when you enable Auto Firmware Upgrade in settings.

Not sure how it happens if you have it disabled and Asus decides you need the new firmware.
 
I remember the following problems with automatic updates in the past (the second site is not in English).
In the ASUS router community in my country, the common theory is that auto-update is dangerous and should be disabled.
 
Bad quality control auto upgrades are real issue with remote devices and people working from home. Recent ASD update as an example. It impacts not only the customers, but the business as well. I believe every manufacturer has history of this happening with customers switching to different products. Amazon eero and Ubiquiti UniFi as examples. @tgl above has similar bad experience with Netgear. TP-Link is perhaps an exception - they release 2-3 firmware for Archer products, EoL them quickly and move on with h/w revision v14.2... :)
 
Last edited:
This gives you an explanation why your router auto upgraded to different* Asuswrt version even with Auto Firmware Upgrade set to OFF.

* - When/if it happens I'm assuming it will auto update to the latest firmware version available and not to the minimum required only.

Wonderful - so they're saying they'll push as they see fit.

I can understand this for managed devices (e.g. carrier provided equipment) where there is some level of testing before it's pushed out - and that also assumes that they have centralized management and a consistent configuration.

And even then, firmware updates are usually slow-rolled across the fleet, not all at once - even then, it does go wrong from time to time - T-Mobile had a bad push out to one of their 5G Fixed Wireless Gateways that would cause them to boot loop...

For unmanaged equipment, it's a huge risk, as we all know that there is no one single config for WAN side, and there are a lot of options on the LAN/WLAN side.

Wonder what happens if Asus does a firmware push and it bricks a device - esp. if that device is out of warranty?
 
Wonder what happens if Asus does a firmware push and it bricks a device - esp. if that device is out of warranty?

What happens? Some folks around here had to RMA their routers. I've spend hours recently helping friends fixing locked Asus routers from bad security auto upgrade. All in remote locations for me, fixing with whatever was available remote access with local reset/reboot assistance. From 8 routers 3 were replaced and 5 fixed with plans to replace down the road. The real question - what to replace them with? One of the routers is mine and GL.iNet device I recently got is replacing it. The rest? If replaced by another consumer product - no guarantees, the same thing may happen again.
 
Wonder what happens if Asus does a firmware push and it bricks a device - esp. if that device is out of warranty?
In general they are fairly open to handle these types of scenarios. Not exactly the same thing, but a few months ago they provided me with updated code that had an issue with certain RT-AX86U hardrware revision, truly bricking them (i.e. no recovery possible even at the uboot level). They told me to simply instruct everyone affected by this to request an RMA, that they would take care of them.

So if they were to push such a broken firmware, past experience says that they would most likely own it, and take care of anyone affected.

I don`t know if they implement it, but many manufacturers tend to use either smoke test, or rolling updates, so that way if something is truly broken, it can be spotted before everyone got pushed the broken update. Android updates for instance are not pushed overnight to everyone. Back when I was part of Trend Micro's PUG group, they were pushing us virus signatures slightly ahead of pushing them to their regular users (might be a few hours ahead, I don`t remember the details), so we could act as a smoke test in case something was truly broken. So, they are ways within the industry to limit the damage that can happen with a botched update.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top