ASUS ZenWiFi XD6
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
Security:
Fixed command injection vulnerabilities
Fixed remove ookla-IPQ956X
Fixed vulnerability in command injection after authentication
Fixed XSS potentially via malformed hostname in DHCP request
Fixed Fixed Stored Cross Site Scriptin
Fixed XSS attack via EXT3 USB in foldername
Fixed ping '-c' parameter in administration Network Tools is validated only on client side
Feature:
Fixed AiMesh related bugs.
Fixed minor GUI bugs.
Fixed bugs of Hinet MOD mesh IPTV.
Please unzip the firmware file, and then verify the checksum.
SHA256: c87444363515efe3203735738ab9e527d0e70418631481c2ba57dfa44fd83b0a
Try more on ASUSWRT 2022 with new features at https://asus.click/ASUSWRT2022
1. Supported WireGuard VPN server and client.
2. Supported VPN fusion. It can easily achieve VPN connection to network devices like Smart TV, Game consoles and without installing the VPN client software.
3. Supported new devices connection notification.
4. Supported connection diagnostic on the ASUS router app.
5. Supported Instant Guard 2.0 which helps easily invite family or friends to join the VPN connection.
6. Upgraded parental control and added reward, new scheduler for flexible setting
7. Fixed HTTP response splitting vulnerability. Thanks to Efstratios Chatzoglou, University of the Aegean.
8. Fixed status page HTML vulnerability. Thanks to David Ward.
9. Fixed CVE-2018-1160. Thanks to Steven Sroba.
10. Fixed cfg_server security issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 8043c0953ccde388c59f797aca73d882
1. Improved wireless connection stability.
2. Supported Safe Browsing in the router app to filter explicit content from search results. You can set it in the router app --> Devices or Family.
3. Fixed CVE-2022-26376
Please unzip the firmware file first then check the MD5 code.
MD5: 1eddfbf656e0241978aed4554eb51794
Fixed the AiMesh node connection issue if the WPA Pre-Share key is over 32 characters.
Please unzip the firmware file first then check the MD5 code.
MD5: b41c769d68c5709392b0e3201cfcb5aa
1. Fixed OpenSSL CVE-2022-0778
2. Fixed CVE-2021-34174, CVE-2022-0778
3. Added more security measures to block malware.
4. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
5. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-25595, CVE-2022-25596, CVE-2022-25597, CVE-2022-26673, CVE-2022-26674
6. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
7. Fixed guest network issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 6b0b1a120b55b541b608ec13e9bf40d1
Improved system stability
Please unzip the firmware file first then check the MD5 code.
MD5:f234d2d1a9c72cfb16206febf3303b6a
1. Fix AiMesh issues
2. Improve system stability
Please unzip the firmware file first then check the MD5 code.
MD5:cd7fd0971683ec5587e244010bc99376
1. Fixed AiMesh web page multi-language issues.
2. Fixed Let's encrypt issues.
3. Fixed Stored XSS vulnerability.
4. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
5. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
6. Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 70b9d7a3e278b4daf58c3485326c6ce2
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.
Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: b9d6cb8489f4cee172b7ce61e7717bf8
-Improved system stability
Please unzip the firmware file first then check the MD5 code.
MD5: 76ffe9c8e555cdf0095ced00cfdc45a1
-Improved system stability
- Fixed the fragattacks vulnerability.
Please unzip the firmware file first then check the MD5 code.
MD5: fca0a297d032c97c21a1003a071cb4e5
Initial Release
Please unzip the firmware file first then check the MD5 code.
MD5: 1ac6dd3aaeea2e26970e922646782a0a