- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.

*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.

Please unzip the firmware file, and then verify the checksum.
SHA256: aded7987b384440cffc24755a9e5005d09174bf4d2836ba8e50c3bca8866b755

1. Resolved an issue causing excessive log generation due to bwdpi issue.
2. Fixed a potential issue causing higher CPU utilization.

Please unzip the firmware file, and then verify the checksum.
SHA256: 098ff2e48b60a2a97f6175257af15faac124802a8da94823dbf7bc1589a304ee

Bug fixes and functionality modifications:
-Resolved the issue with login and password changes.
-Fixed the issue where Traffic Analyzer sometimes couldn't record data.

Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.
-Fixed the vulnerability in the logmessage function CVE-2023-35086/ CVE-2023-35087. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m.

Please unzip the firmware file, and then verify the checksum.
SHA256: 6040822e6ab3d1bafc756fb038c2f3559aa1004a2af2d2bc52684f39004a2f65

1. Fixed HTTP response splitting vulnerability.
2. Fixed Samba related vulerabilities.
3. Fixed cfg server security issues.
4. Fixed Open redirect vulnerability.
5. Fixed token authentication security issues.
6. Fixed security issues on the status page.
7. Fixed XSS vulnerability.
8. Fixed CVE-2022-26376
9. Fixed CVE-2018-1160
10. Fixed IPv6-related bugs.
11. Added a new login URL http://www.asusrouter.com to fixed the login issues.
12. Optimize the AiMesh web interface
13. Fixed network map UI bugs
14. Fixed bugs related to Wi-Fi calling.
15. Supported web history record exported.
16. Fixed IPSec VPN server compatibility with Windows 10 VPN client.
17. Improved AiMesh connection stability.
18. Fixed IPTV issues.
19. Fixed CVE-2022-35401 authentication bypass vulnerability.
20. Fixed CVE-2022-38105 information disclosure vulnerability in CM process.
21. Fixed CVE-2022-38393 DoS vulnerability in cfg_server.


Please unzip the firmware file first then check the MD5 code.
MD5: 1db86bb601019bd30fa73f011fd33fab

1. Fixed CVE-2018-1160. Thanks to Steven Sroba
2. Fixed CVE-2022-26376.
3. Improved system stability.
4. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.

Please unzip the firmware file first then check the MD5 code.
MD5: df22d37f18b8595d953dafd14da92b74