Firmware version 3.0.0.4_386_45934
- Release Note -
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018-1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018-1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
Bug Fixes and Enhancements:
1. Fixed DoS vulnerability from spoofed SAE authentication frame.
Thanks to Efstratios Chatzoglou, University of the Aegean,
Georgios Kambourakis, European Commission at the European Joint Research Centre,
and Constantinos Kolias, University of Idaho.
2. Fixed Stored XSS vulnerability.
3. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean,
Georgios Kambourakis, European Commission at the European Joint Research Centre,
and Constantinos Kolias, University of Idaho.
4. Fixed stack overflow vulnerability.
Thanks to Jixing Wang (@chamd5) for the contribution.
5. Fixed information disclosure vulnerability.
Thanks to CataLpa from DBappSecurity Co., Ltd Hatlab and 360 Alpha Lab for the contribution.
6. Fixed CVE-2021-3450, CVE-2021-3449 OpenSSL-related vulnerabilities.
7. Fixed authentication bypass vulnerability.
Special thanks to Chris Bellows and Darren Kemp (Atredis Partners) for their contribution.
8. Upgraded dropbear to version 2020.81
9. Fixed vulnerability to the Slowloris denial-of-service attack.
10. Fixed the FragAttacks vulnerability.