RT-AC88U
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
1. Resolved an issue causing excessive log generation due to bwdpi issue.
2. Fixed a potential issue causing higher CPU utilization.
Please unzip the firmware file, and then verify the checksum.
SHA256: 14e73ff561fe0d0677e01182726e05957981caa0d27f2f0a588ab7523e77a1c9
1. Fixed OpenSSL CVE-2022-0778
2. Added more security measures to block malware.
3. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
4. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-CVE-2022-25595, CVE-2022-25596, CVE-2022-25596,
5. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5:bf37620f6a581fc6f3bb08a49c5dc837
Security
- Fixed string format stacks vulnerability
- Fixed cross-site-scripting vulnerability
- Fixed informational vulnerability.
Thanks to Howard McGreehan.
-Fixed SQL injection vulnerability
-Fixed json file traversal vulnerability
-Fixed plc/port file traversal vulnerability
-Fixed stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
-Fixed authenticated stored XSS vulnerability
Thanks to Luke Walker – SmartDCC
-Fixed LPD denial of service vulnerability
-Fixed cfgserver heap overflow vulnerability
-Fixed cfgserver denial of service vulnerability
Thanks to TianHe from BeFun Cyber Security Lab.
Added more ISP profile
Digi 1 - TM
Digi 2 - TIME
Digi 3 - Digi
Digi 4 - CTS
Digi 5 - ALLO
Digi 6 - SACOFA
Maxis - CTS
Maxis - SACOFA
Maxis - TNB/ALLO
Fixed WAN connection bug.
Fixed AiProtection bug.
Fixed AiMesh guest network issues.
Fixed DDNS issues where the WAN IP is IPv6
Fixed UI bugs in Administration --> feedback.
Fixed time zone error.
Fixed v6plus related issues.
Improved the connection stability.
Please unzip the firmware file first then check the MD5 code.
MD5:4d5a3e5d792f49ce0801a0ab9a86eb4c
Fixed XSS vulnerability
Fixed SQL injection vulnerability
Fixed PLC path traversal vulnerability
Fixed Stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
Please unzip the firmware file first then check the MD5 code.
MD5:0ab0a52204b68f1eeb52f2b9cb981b40
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018-1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
-Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.
-Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
-Fixed AiMesh web page multi-language issues.
-Fixed Stored XSS vulnerability.
-Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
-Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
-Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and Yao Chen(@ysmilec) of 360 Alpha Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 30e873bd698a20446fb634fad19cd231
1.Fixed the FragAttack vulnerability.
2.Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution.
3.Improved system stability.
4.Fixed GUI bugs.
5.Security Fixed: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please unzip the firmware file first then check the MD5 code.
MD5: 80f8d75eb4b23d60a65e1cdea052d5c8
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 224bdf9a9b0f37b92239c1a3ffcc36e8
- Fixed Let's Encrypt not working properly.
- Fixed web browsing issue when enabled parental control
Please unzip the firmware file first then check the MD5 code.
MD5: 9d076ffef4cc04277bdbb78eadb8d822
1. AiMesh 2.0
- System optimization: one click in AiMesh to optimize the topology
- System Ethernet backhaul mode, all nodes will only connect by ethernet, all bands will be released for wireless clients.
- System factory default and reboot.
- Client device reconnect, make the device to offline and online again.
- Client device binding to specific AP.
- Guest WiFi on all Mesh nodes (all node need to upgrade to 3.0.0.4.386 firmware)
- Access nodes USB application.
Connection priority and Ethernet backhaul mode introduction
https://www.asus.com/support/FAQ/1044184
How to setup ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions
https://www.asus.com/support/FAQ/1044151/
2. New Family interface in ASUS router App.
ASUS Router App for iOS must greater or equal to iOS v1.0.0.5.75
Android version greater or equal to v1.0.0.5.74
3. The unit of the WiFi time scheduler goes to 1 minute.
4. 2.4 and 5G on the network map could be configured in the same tab.
5. Captcha for login can be disabled in administration -> system.
6. Printer server port can be disabled on the USB app page.
7. Clients which connect to the guest network can be viewed in the network map -->view list --> interface
Please unzip the firmware file first then check the MD5 code.
MD5: 8a12f13cd20352133bcf44c187ab44c3
- Fixed RCE vulnerability
Please unzip the firmware file first then check the MD5 code.
MD5: b63198f18b229512c08d95c93b2a3453
Security update
- Fixed CVE-2020-12695 (CallStranger)
- Fixed Reflected XSS vulnerability.
- Fixed Directory traversal vulnerability.
- Fixed CVE-2017-15653.
The update server transport layer security was upgraded and the old protocol was removed.
If your router firmware version is lower than 3.0.0.4.384.81116, please refer to the "Update Manually" section in https://www.asus.com/support/FAQ/1008000 to update the firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 90c48031342ec0a5759e25554cc015cc
- Fixed Let's encrypt certification renew bugs.
- Improved web history page loading speed.
- Fixed OpenVPN related bugs
- Fixed AiCloud share link bugs.
- Fixed Cloud sync bugs.
- Fixed offline client removing problem with ASUS router app.
- In the previous version, the certificate for https login needed to be installed again after system reboot, and this version fixed this problem.
- Adaptive QoS supported more apps
Work-From-Home: WeChat Work®, RescueAssist, Tencent/VooV Meeting®
Learn-From-Home: LinkedIn Learning®, Binkist®, Skillshare®, edX®
Media Streaming: SiriusXM®, Bilibili®
Indoor training: The Sufferfest®, Bkool Fitness®, TrainerRoad®, Rouvy®
Please unzip the firmware file first then check the MD5 code.
MD5: 33027b92ff37ef0834df38417ba06695
- Improved connection stability.
- Optimized CPU utilization.
- Fixed firmware upgrade bugs.
- Support router certificate export. After import the certificate to the computer you will not see the warning message when login with https. Please refer to https://www.asus.com/us/support/FAQ/1034294/
[Important notice] If your router firmware is 3.0.0.4.385.20490(or newer version) and want to downgrade to 3.0.0.4.384.81116 (or previous version), you need to reset the router after firmware changed.
Please unzip the firmware file first and then check the MD5 code.
MD5: 4ac9304ed99d9fd27825fbbb1b21c6a5
1. Update Adaptive QoS categories: Help you to prioritize the mission-critical applications
Those people who work-from-home & learn-from-home will greatly benefit from this new feature with optimized streaming experiences.
New Supported Categories & Apps:
- Video conferencing, including Microsoft Teams®, ZOOM®, Skype®, Google Hangouts®, BlueJeans®
- Online learning, including Khan academy®, Udemy®, Coursera®, TED®, VIPKiD®, 51Talk®, XDF®, Xueersi®
- Streaming, including YouTube®, Netflix®, HBO NOW®, Amazon Prime Video®, Disney+®, ESPN®, MLB.com®, iQIY®
- Indoor training, including Zwift®, Peloton®, Onelap®
Stay tuned and more apps are coming to the list soon!
2. Support Mobile Game Mode
- One-click prioritizing your mobile device to the highest and ensure you the best mobile gaming experiences.
- Install/Update ASUS Router App (Android supports later than 1.0.0.5.44; iOS supports later than 1.0.0.5.41)
3. Bug fixs
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
- Fixed a DDoS vulnerability.
- Fixed Let's Encrypt related bugs.
- Fixed folder creating bugs in Samba.
Please unzip the firmware file first and then check the MD5 code.
MD5: 45eaa9318b846141c4d91a3acb481ff2
Security fix
- Fixed a DDoS vulnerability. Thanks for Altin Thartori's contribution.
Bug fix
- Fixed web control interface login problem.
- Fixed Network map clist list issues.
- Fixed block internet access problem when clients connected to AiMesh node
- Fixed Samba server compatibility issue.
- Fixed OpenVPN related bugs.
- Fixed schedule reboot bugs.
- Improved AiMesh compatibility.
- Improved system stability.
- Fixed User interface related bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: ae51b46728e91aac92dc18b5c5821e6a
- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability. Thanks for Matt Cundari's contribution.
- Fixed command injection vulnerability. Thanks for S1mba Lu's contribution.
- Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga's contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 35d8c687359ec8b304b1d0e42567ff93
Bug Fix
- Fixed browser no response problem when enabled Traffic analyzer.
- Fixed VLAN bug for Movistar.
- Fixed wireless mac filter input issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 3c6b6699a4340f9de1313255c7599575
Security Fix
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
- Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Bug Fix
- Fixed AiMesh LAN IP issue when router using IPv6 WAN.
- Fixed AIMesh connection issues.
- Fixed Network Map related issues.
- Fixed Download Master icon disappear issue.
- Fixed LAN PC cannot find router name in My Network Places when enabling Samba service.
- Fixed LAN LED not blinking problem.
Please unzip the firmware file first then check the MD5 code.
MD5: 825bb07b30d2a38fc78a58bd62f21121
AiMesh
- Improved AiMesh stability
- Lyra, Lyra Mini, and Lyra Trio can be added as AiMesh node into RT-AC88U network.
Please refer to https://www.asus.com/support/FAQ/1038071 for more detail.
Security
- Fixed CVE-2018-14710, CVE-2018-14711, CVE-2018-14712, CVE-2018-14713, CVE-2018-14714. Thanks for Rick Ramgattie's contribution.
- Fixed AiCloud/ Samba account vulnerability. Thanks for Matthew Cundari's contribution.
- Fixed DoS vulnerability. Thanks for Ruikai Liu's contribution.
- Fixed CVE-2018-17020, CVE-2018-17021, CVE-2018-17022.
- Fixed stored XSS vulnerability. Thanks for Duda Przemyslaw's contribution.
- Updated OpenSSL library.
New Alexa skill and IFTTT actions
- Add Alexa skill “ ask ASUS ROUTER to report security status”
- Add Alexa skill “ ask ASUS ROUTER how many devices are online”
- Add IFTTT actions : Wake on LAN
- Add IFTTT actions : check new firmware available and upgrade
[Note] You have to upgrade the firmware version up to 3.0.0.4.384_45149 if you want to use these new Alexa skills and IFTTT actions.
Bug fixes and improvement
- Improved wireless stability.
- Modified “Dual Wan” user interface.
- Modified “Port Forwarding” user interface.
- Modified “Restore” user interface.
- Fixed GUI bugs on user feedback page.
- Fixed “Adaptive QoS” bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 720caab24bc6f85edc67012ac773f96f
Fixed WIFI stability issue.
Please unzip the firmware file first then check the MD5 code.
MD5: a43d73b45113ff13a9a17b9ee908c7fc
AiMesh new features
- Supported creating mesh system with new router, BlueCave.
- Added Roaming block list in Advanced Settings --> Wireless.
You can add devices into block list and this device will not be roamed between AiMesh nodes.
- Supported ethernet onboarding. User can use ethernet cable.
You can use ethernet cable to connect AiMesh router LAN port and AiMesh node WAN port first and run the adding node process to build the mesh system.
Security fixes.
- Fixed Reflected XSS vulnerability.
- Fixed CSRF vulnerability.
- Fixed command injection vulnerability.
- Fixed stack buffer overflow vulnerability.
Thanks for Rick Ramgattie contribution.
Fixed USB hard drive over 2TB compatibility issues.
Fixed Samba/FTP folder permission issues.
Added USB3.0/2.0 mode switch setting in Administration --> System --> USB Settings.
Please unzip the firmware file first then check the MD5 code.
MD5: 4dacb25b179e3d514916cfc78377136f
- Modified the EULA for DDNS, AiProtection, Adaptive QoS, Traffic Analyzer, Web history, Feedback.
- Add Privacy page in Advanced settings
- Fixed IPv6 bugs
- Modified USB 3.0 related strings.
- Increased port forwarding rules limit from 32 to 64.
- Added more protection mechanism for OpenVPN account.
- Fixed AiMesh bandwidth and extension channel sync issue.
Please unzip the firmware file first then check the MD5 code.
MD5: d90fcb4d587c6526cd22fec4f37d9a16
Alpha firmware for MU-MIMO
Wi-Fi Alliance MU-MIMO certification standard is not final and MU-MIMO have compatibility issues between different chipset in this stage.
We will continually release new firmware to improve MU-MIMO performance.
If you want to get the alpha firmware for early stage testing, please send mail to router_feedback@asus.com and use "RT-AC88U MU-MIMO firmware" as mail title.