Note:
*Facebook Wifi function is only support in firmware 3.0.0.4.380.7432_FBwifi, because Facebook has terminated the cooperation with ASUS, the subsequent firmware will not be updated.

- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue.
- Fixed DDoS vulnerability.
- Fixed command injection vulnerability.
- Fixed buffer overflow vulnerability.
- Fixed OpenVPN related bugs.
- Improved system stability.

Please unzip the firmware file first and then check the MD5 code.
MD5: 84b401c177f890794287a47fc181d917

Note:
*Facebook Wifi function is only support in firmware 3.0.0.4.380.7432_FBwifi, because Facebook has terminated the cooperation with ASUS, the subsequent firmware will not be updated.

Bug fixed items
* IPSec net-to-net peer/client connection dial fail occasionally.

Modified items
* Add AU/NZ ISP support in QIS and modify rule of IPTV support in wizard.
* Support EULA display description editor for Captive Portal wizard.
* Add IPSec PFS support.
* Add IPSec log level and fix connection status display.
* Fix VLAN subnet index mapping in Networkmap.
* Fix “non-auth.” log in issue of Captive Portal
* Rename "Implicit beamforming" as "Universal Beamforming".
* Remove OpenWRT changeset from SIP ALG.
* Modify “Port Forwarding” user interface.

Security fixed items
* Fix CVE-2018-17022
* Fix CVE-2018-17021
* Add TLS security patch
* Update to OpenSSL 1.0.2p
* Fix XSS vulnerability via SSID
* Fix OnSec-AVS-03006004
* Fix OnSec-AVS-03006002


Please unzip the firmware file first then check the MD5 code.
MD5: d4ba1da5d7a6b8618f3ad38e56aa020b

Note:
*Facebook Wifi function is only support in firmware 3.0.0.4.380.7432_FBwifi, because Facebook has terminated the cooperation with ASUS, the subsequent firmware will not be updated.


New Features
* [WAN] Draft VLAN support on WAN for NZ Fiber in New Zealand.

Web related update:
* [Policy] Privacy related modify
* [Permission Management] Add a UI notice on Permission Management
* [USB printer] Show USB printer function on Networkmap.
* [IPSec] Modify IPSec client the remote identity requirement, when configure add Net-to-Net FAQ.
* [Security] Fix security issues
- Fixed Reflected XSS vulnerability.
- Fixed CSRF vulnerability.
- Fixed command injection vulnerability.
- Fixed stack buffer overflow vulnerability.

Bugfix Update:
* [QIS] Redirect to internet type selection page when DHCP and PPPoE coexist.
* [WAN] modify code to reboot system when value of wans_dualwan is changed from 'wan usb' to 'usb wan’.
* [WAN] Reboot system when the settings of primary wan and secondary wan are exchanged. (ex. "wan wan2" => "wan2 wan”)
* [WAN] Remove the Auto MAC clone.
* [NAT] Modify the limit of Port Forward rule
* [WPS] Fix WPS default turn off issue, after restore to default on China and Taiwan H/W version
* [Guest Network] Fix wifi client can't connect to hidden guest network that authentication configured on Open System.
* [FreeRADIUS] Fix user authentication error when RADIUS server utility user account and password from Device Management
* [Captive Portal/Free WiFi]: Modify local account and password authentication error.
* [DDNS] Select public WAN IP to register DDNS server when Dual WAN load balance is enabled.
* [IPSec] Fix strongswan start process error when admin account is renamed.
* [IPSec] Security patch strongswan-5.2.1 to fix CVE-2018-5388, CVE-2018-10811.
* [IPSec] Fix net-to-net connection issue that remote client use can't connect IPSec server with DDNS.

RF related commits:
* [Bandwidth] Fix HT20 enabled in legacy mode.
* [TxPower] Add Tx power percentage function.
* [WiFi Professional] Apply RTS threshold, DTIM period, and WME APSD to each guest networks (Virtual APs).
* [WiFi Professional] Fix 11n/11ac multicast rate not be applied to main VAP.
* [WiFi Professional] Add HTMIX rates

Please unzip the firmware file first then check the MD5 code.
MD5: 559a03319aa4d1f0489bd123f14b93c6

Note:
*Facebook Wifi function is only support in firmware 3.0.0.4.380.7432_FBwifi, because Facebook has terminated the cooperation with ASUS, the subsequent firmware will not be updated.

Security fixed items
[httpd] Fixed nvram_dump can dump any file and run any system command
[httpd] Modify Cross-Site Scripting and single quotes naming issue for client device name on “View Client List”.
[httpd] Restrict to get DHCP information before logging in
[Hardware] Fixed CPU Spectre Security Vulnerability Issue.
Fixed CVE-2018-8879, cleanup the bloat
Fixed CVE-2018-8877, CVE-2018-8878

Bug fixed items
[UI] Fixed UI string translation on top status tab of main page.
[httpd] fix potential crash on NULL pointer and potential buffer overrun in do_qis_default()

Modified items
[httpd] Modify obtain SSID and PSK method from nvram_get to nvram_char_to_ascii.
[httpd] Simplify code that is used to remove unsupported channel according selected channel bandwidth.
[Permission Management] Add limitations for Permission Management
[Permission Management] modify user account maximum from 32 to 200.
[Permission Management] modify para length to avoid parsing string crash
[UI] Update descriptions of error_page.htm update descriptions of error_page.htm
[UI] Updated translated string which recommended by Poland user
[VLAN] Add LAN to LAN ROUTE feature for VLAN configuration

Please unzip the firmware file first then check the MD5 code.
MD5: 863e9d0ae27eacf402f7859bd6ff67d5

Security fixed items
* [Security] fixed LAN RCE vulnerability
* dnsmasq: apply security release CVE fixes
* dnsmasq: update to 2.78test2-12-gb697fbb, fix CVE-2017-13704
* Modify Smart Sync Stored XSS issue.
* [Security]:fixed nvram_dump can dump any file and run any system command
* [Security][CVE-2018-5721]: fixed buffer overflow in ej_update_variables when action_script includes '_wan_if' substring
* [IPSec] add CVE patch for CVE-2017-11185
* [IPSec] add CVE patch for CVE-2017-9022, CVE-2017-9023
* [httpd]Fixed buffer overflow in check_xss_blacklist()

Bug fixed items
* Fixed IP conflicts detection code.
* Fixed DUT reboot issue if number of MAC/IP binding rules greater than 30.
* Main Wireless SSID not work if one or more Guest SSID configured in VLAN.
* igmpproxy may listen on secondary WAN.
* dnsmasq: update to 2.77-13-g69a815a, fix reserved dhcp leases
* Tagged-based VLAN page can't be shown if language is FI (Suomi) or NL (Nederlands)
* Sync Advanced_TagBasedVLAN_Content.asp with commit 72cf990 of ac88q branch for SQ bug#868.
* Some LAN ports may not work if 802.3ad is enabled.
* Can't login OpenVPN server.
* Failed to connect OpenVPN server if ID has a [#] inside.
* Modify IPSec UI for the IKE v1, which only support single subnet (IKE v2 support multi-subnet)
* Port range of port-trigger feature doesn't work.
* Wrong message if client can't connected to DUT after firmware upgrade.
* Remove surge wave caused by redial from traffic graph.
* Remove unsupported UI functions: Bandwidth Limiter on Guest Network of AP mode, "Secure Your Router” button on AiProtection.
* Fixed Multi-language UI issues
* Fix the quotation marks will cause JS error in FR, UK
* Live Update get info file : Correct equal equation of firmver value

Modified items
* Fix model number and serial number information of WPS.
* Added new command to get blocked ACS channel.
* Enable IPSec VPN switch to SW crypto and enlarge IPSec server connection number.
* Modify supported symbols or special character on PSW and XAUTH of IPSec VPN
* Add USB modem support: Huawei E3372.
* dnsmasq: ignore localhost names from broken dhcp clients (like Samsung Smart TV)
* dnsmasq: update to stable 2.78

Please unzip the firmware file first then check the MD5 code.
MD5: 214eb052ca4daa49324eeb0b69451599

Security fixed items
* [Security] fixed LAN RCE vulnerability
* dnsmasq: apply security release CVE fixes
* dnsmasq: update to 2.78test2-12-gb697fbb, fix CVE-2017-13704
* Modify Smart Sync Stored XSS issue.
* [Security]:fixed nvram_dump can dump any file and run any system command
* [Security][CVE-2018-5721]: fixed buffer overflow in ej_update_variables when action_script includes '_wan_if' substring
* [IPSec] add CVE patch for CVE-2017-11185
* [IPSec] add CVE patch for CVE-2017-9022, CVE-2017-9023
* [httpd]Fixed buffer overflow in check_xss_blacklist()

Bug fixed items
* Fixed IP conflicts detection code.
* Fixed DUT reboot issue if number of MAC/IP binding rules greater than 30.
* Main Wireless SSID not work if one or more Guest SSID configured in VLAN.
* igmpproxy may listen on secondary WAN.
* dnsmasq: update to 2.77-13-g69a815a, fix reserved dhcp leases
* Tagged-based VLAN page can't be shown if language is FI (Suomi) or NL (Nederlands)
* Sync Advanced_TagBasedVLAN_Content.asp with commit 72cf990 of ac88q branch for SQ bug#868.
* Some LAN ports may not work if 802.3ad is enabled.
* Can't login OpenVPN server.
* Failed to connect OpenVPN server if ID has a [#] inside.
* Modify IPSec UI for the IKE v1, which only support single subnet (IKE v2 support multi-subnet)
* Port range of port-trigger feature doesn't work.
* Wrong message if client can't connected to DUT after firmware upgrade.
* Remove surge wave caused by redial from traffic graph.
* Remove unsupported UI functions: Bandwidth Limiter on Guest Network of AP mode, "Secure Your Router” button on AiProtection.
* Fixed Multi-language UI issues
* Fix the quotation marks will cause JS error in FR, UK
* Live Update get info file : Correct equal equation of firmver value

Modified items
* Fix model number and serial number information of WPS.
* Added new command to get blocked ACS channel.
* Enable IPSec VPN switch to SW crypto and enlarge IPSec server connection number.
* Modify supported symbols or special character on PSW and XAUTH of IPSec VPN
* Add USB modem support: Huawei E3372.
* dnsmasq: ignore localhost names from broken dhcp clients (like Samsung Smart TV)
* dnsmasq: update to stable 2.78

Please unzip the firmware file first then check the MD5 code.
MD5: 02833e0b4d093ff01ba25cab9588f23e