Release RT-AX88U Firmware version 3.0.0.4.386.45375 2021/08/31

[Zastoff]

ASUS RT-AX88U Firmware version 3.0.0.4.386.45375
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517

cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839

Lighttpd
- CVE-2018-19052

Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052

lldpd
- CVE-2020-27827

Avahi
- CVE-2017-6519

hostapd
- CVE-2021-30004
- CVE-2019-16275

OpenVPN
- CVE-2020-11810
- CVE-2020-15078

wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041

Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.

 

[torstein]

Oh great! I love security updates. Gives me a warm fuzzy feeling. No idea why hehe. Looking forward to merlin merging the GPLs.

I assume this is also available for the AX86U?

 

[sanke1]

Installed and now a "fancy but highly annoying" page pops up if you don't use http to access router's GUI via LAN. Kinda lame.

 

[LimJK]

Installed and now a "fancy but highly annoying" page pops up if you don't use http to access router's GUI via LAN. Kinda lame.

sanke1, Initially, I felt the sameway, but, I found that you can select not to show it again option

Edit:

 

[Gregory Phillips]

I just installed it and will report back if anything weird happens.

 

[LimJK]

I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.

 

[LimJK]

I also found that Merlin's DoT (DNS-over-TLS) is available on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.

 

[bbunge]

I also found that Merlin's DoT (DNS-over-TLS) is available on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.

DoT is also on the AX86U release. And yes, it is Merlin's code for DoT! Have been running it since it was released with no problems.

A quick google for router with DoT came up empty. So, Asus may be the first to implement DoT. This is a good thing!!!

 

[RMerlin]

And yes, it is Merlin's code for DoT!

Just to be accurate, it's mostly themiron's code in fact (maybe 5-10% of that code was mine, largely web-related stuff).

 

[bluepoint]

I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.

If I remember correctly, when I see this in RMerlin's firmware, something triggers it but I had not figured it out as it doesn't happen often, I go to Wan-->ddns and just click "apply", this clears that restarts. It seems letsencrypt doesn't remember that it's active and couldn't restart itself.

 

[neil0311]

I also found that Merlin's DoT (DNS-over-TLS) is available on this version of Stock Firmware AX88U 3.0.0.4.386_45375-ge5f218b; it is not mentioned in the release note.

Can I ask what may be a stupid question? Why do you need (why would you want) to encrypt DNS traffic? It’s all public data.

Is there a known exploit or other reason why you’d want that overhead?

 

[RMerlin]

Can I ask what may be a stupid question? Why do you need (why would you want) to encrypt DNS traffic? It’s all public data.

Is there a known exploit or other reason why you’d want that overhead?

Some people don`t want their ISP to see which hostnames they are trying to resolve. Others want to ensure that nobody is intercepting their DNS queries and replacing them, a technique occasionally used by malware or ISPs who want to redirect traffic to different servers.

 

[Gregory Phillips]

So far I haven't seen anything abnormal with this firmware version.

 

[ryan806]

I've been experiencing drops in my 5ghz wireless since flashing this, anyone else?

 

[Gregory Phillips]

Actually today my phone couldn't connect to 5g so I rebooted the router and it was okay but I didn't think about it further. When I checked the router all of the lights were white. Once it came back up it reconnected just fine. I will probably roll back now.

Edit: Rolled back and my connection speed increased on my phone (galaxy z fold 3).

 

[LimJK]

I have not seen this for a while, as I normally run on Merlin's Firmware for my AiMesh Router. It is repeating itself every 5 minutes. For now I am turning off Let's Encrypt and try it again in a couple of days. Is there some workaround? Thanks.

Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:20:00 rc_service: service 22150:notify_rc restart_letsencrypt
Sep  2 17:20:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:25:00 rc_service: service 22842:notify_rc restart_letsencrypt
Sep  2 17:25:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:30:00 rc_service: service 23531:notify_rc restart_letsencrypt
Sep  2 17:30:00 Let's Encrypt: Err, DDNS update failed.

I have sent feedback with ALL logs to Asus Support 4 days ago ... have not got any reply or acknowledgement yet. May be they should look at Merlin's code which do not have this problem.

 

[neil0311]

I've been experiencing drops in my 5ghz wireless since flashing this, anyone else?

Nope, no drops. Just some reduced wifi 6 throughput, which may actually be the Windows 11 beta networking rather than the router.

 

[Evklim]

I've been experiencing drops in my 5ghz wireless since flashing this, anyone else?

Hi! A newbie here. Yeah, something strange happened after flashing the new fw. 5Ghz network stopped broadcasting, turning off/on was fixing the issue but only until restart. After restart no 5Ghz again. Tried to localize the problem, but didn’t manage w. Had to go back to the previous fw to solve the issue.

 

[LimJK]

I have sent feedback with ALL logs to Asus Support 4 days ago ... have not got any reply or acknowledgement yet. May be they should look at Merlin's code which do not have this problem.

Sep  2 17:05:00 rc_service: service 20000:notify_rc restart_letsencrypt
Sep  2 17:05:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:10:00 rc_service: service 20718:notify_rc restart_letsencrypt
Sep  2 17:10:00 Let's Encrypt: Err, DDNS update failed.
Sep  2 17:15:00 rc_service: service 21441:notify_rc restart_letsencrypt
Sep  2 17:15:00 Let's Encrypt: Err, DDNS update failed.

Found my own workaround for the above snap shot of every 5 minutes Let's Encrypt Error in Syslog.

• I downgraded FW to RT-AX88U_3.0.0.4_386_44266-g7f6b0df
• Factory Reset Via GUI, setup configuration from scratch
• No more Let's Encrypt Error in Syslog
• Upgrade over GUI (ie. Dirty Flash) to FW RT-AX88U_3.0.0.4_386_45375
• QED ... No more Let's Encrypt Error in Syslog

 

[JB10]

This update ruined almost all of my smart home light switches and plugs. They are all on the 2.4 GHz network and all of a sudden they were not getting a stable connection. They would connect and disconnect right away, it was a nightmare trying to troubleshoot this. I eventually found this forum and reverted my router to the previous firmware and just like magic it is now all fixed.