RT-AC86U
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.
- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.
Please unzip the firmware file, and then verify the checksum.
SHA256: f092a5b2a59a2ac6068dc219688d326d26115e97dfc97d64ad1b1cec515788f7
Security updates:
-Fixed the cfg server vulnerability.
-Fixed the vulnerability in the logmessage function CVE-2023-35086/ CVE-2023-35087.
-Fixed lighttpd vulnerability, CVE-2023-35720.
-Fixed several curl vulnerabilities including CVE-2023-28322, CVE-2023-28321, and CVE-2023-28319.
-Fixed FFmpeg vulnerabilities, specifically CVE-2022-3964, CVE-2022-48434, and CVE-2022-3109.
-Fixed OpenSSL vulnerability, CVE-2023-0464.
-Fixed ReadyMedia vulnerabilitym CVE-2020-28926.
-Fixed UPnP vulnerability CVE-2020-12695.
-Upgraded sqlighte and resolved CVE-2020-11656 / CVE-2019-19646 / CVE-2019-8457 / CVE-2020-11655 / CVE-2018-20505 / CVE-2019-16168 / CVE-2019-19645 / CVE-2020-13435 / CVE-2020-13631 / CVE-2020-13434
-Strengthened protection against SSH brute force attacks.
-Fixed CVE-2023-39239. Thanks to Swings and Wang Duo from Chaitin Security Research Lab , C0ss4ck from Bytedance Wuheng Lab, 费新程 from X1cT34m.
- Patched several command injection vulnerabilities, CVE-2023-38031, CVE-2023-38032, CVE-2023-38033,CVE-2023-39236,CVE-2023-39237, Thanks to Jincheng Wang from X1cT34m Laboratory of Nanjing University of Posts and Telecommunications
Please unzip the firmware file, and then verify the checksum.
SHA256: 6eb89b8a3b9ffb37bdd8bc3619210917a3afe2ccb92648ad15fbeabf2b751548
Security updates:
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: b40babdef507e16043ec4dfebdceb98f
1.Fixed HTTP response splitting vulnerability.
2.Fixed Samba related vulerabilities.
3.Fixed cfg server security issues.
4.Fixed Open redirect vulnerability.
5.Fixed token authentication security issues.
6.Fixed security issues on the status page.
7.Fixed XSS vulnerability.
8.Fixed CVE-2022-26376
9.Fixed CVE-2018-1160
10.Fixed IPv6-related bugs.
11.Added a new login URL http://www.asusrouter.com to fixed the login issues.
12.Optimize the AiMesh web interface
13.Fixed network map UI bugs
14.Fixed bugs related to Wi-Fi calling.
15.Supported web history record exported.
16.Fixed IPSec VPN server compatibility with Windows 10 VPN client.
17.Improved AiMesh connection stability.
18.Fixed IPTV issues.
Please unzip the firmware file first then check the MD5 code.
MD5: 9c55ed74c15323c29e0de1e106769107
1. Fixed OpenSSL CVE-2022-0778
2. Added more security measures to block malware.
3. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
4. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-25595, CVE-2022-25596, CVE-2022-25597
5. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5:158b1ecf26e1a649d4b67555244d0976