ASUS ZenWiFi AX (XT8)

- Enhanced system stability.
- Enhanced input validation and refactored legacy string handling routines to ensure robust memory management.
- Addressed multiple security weaknesses in AiCloud service by enforcing strict credential verification, implementing robust file path validation, and hardening command execution logic to prevent unauthorized access and manipulation of system resources.
- Implemented comprehensive validation and expanded command filtering in the web history API.
- Fixed a privilege escalation vector in the IFTTT token exchange mechanism
- Strengthened input validation and directory handling in the VPN configuration upload interface.
- Fixed an issue that allowed certain user settings to be bypassed, improving overall user control and protection.

Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.


Security Enhancements
- Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
- HTTPS on 8443 – Management interface now served over TLS by default.
- UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
- AiCloud Authentication Hardening (CWE-287) – Added layered verification.
- Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
- Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
- Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
- Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
- Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements
- Connection Stability – Core algorithms refined for steadier links.
- Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
- Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

Improved compatibility with certain IoT devices.

1. Fixed the UI issue in Chrome.
2. Fixed client binding issues in Mesh scenarios.
3. Enhanced input parameter handling techniques to improve data processing stability and system security.
4. Enhance system access control mechanisms.

Please unzip the firmware file, and then verify the checksum.
SHA256: 60d0449fceeba111c5d5138b639446a5993dad8bb6f8c267d8a4d844b882bfd6

Release note:
1.Strengthened input validation and data processing workflows to further protect information security.
2.Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3.Enhanced device security through improved buffer handling in connection features.
4.Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.