ROG Rapture GT-AX11000
BIOS & Firmware
- Treiber & Tools
- BIOS & Firmware
Bug Fixes and Enhancements:
- Fixed WAN connection issues.
- Fixed v6plus related issues.
- Resolved an issue that caused hostname errors in the DDNS service.
- Resolved OpenVPN server TAP mode issue.
- Added MTU setting for WireGuard client.
- Ensured consistent display of client status on the WireGuard server.
- Enhanced system stability when accessing the WireGuard server with DMZ enabled.
- Improved stability when enabling or disabling the WireGuard server.
- Optimized memory utilization and fixed an occasional server error when registering DDNS with an app.
- Corrected a bug encountered when adding a rule to the network services filter.
- Fixed connection in load-balance mode when both WANs have static IPs.
Security Fixes:
- Fixed OpenSSL vulnerabilities.
- Upgraded to the latest dropbear version.
- Fixed a stack overflow vulnerability.
Please unzip the firmware file, and then verify the checksum.
SHA256: bfcb57ecd5fc62682d2ae7fbd5b56fdbd607b0ebe338a5334c1a1113eca0d717
New features:
-Built-in Surfshark in VPN Fusion allows you to surf the internet anonymously and securely from anywhere by encrypting connections. Please refer to https://asus.click/SurfsharkVPN
-iPhone/Android USB auto backup WAN allows you to connect your phone to the router’s USB port and use it as an internet source. Please refer to https://asus.click/AutobackupWAN
-DDNS transfer allows you to transfer your ASUS DDNS hostname from your original router to the new one. Please refer to https://asus.click/ASUSDDNS
Bug fixes and functionality modifications:
-Resolved the issue with login and password changes.
-Resolved the IPSec VPN connection issues.
-Resolved the Instant Guard connection issues.
-Fixed the AiCloud login issue after unplugging and plugging the HDD into the USB port.
-Fixed the issue where Traffic Analyzer sometimes couldn't record data.
-Fixed the time display issue for the preferred upgrade time in the Auto Firmware Upgrade function.
-Fine-tuned the description for port status.
-Enabled DynDNS and No-IP DDNS to use IPv6.
-Fixed AiMesh preferred AP identification in site survey results.
-Updated timezone list for Greenland, Mexico, and Iran.
-Modified the USB application option text in dual WAN.
-Allowed WireGuard Server clients to access the Samba server.
-Fixed memory leak issue.
-Enabled the failback function when using the iOS/Android USB backup WAN.
-The ARP response issue has been resolved, along with the connection issue between the router and the ROG Phone 6 and 7.
-Resolved the issue where the USB path is not displayed on the Media Server page in the AiMesh node
Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.
-Fixed the vulnerability in the logmessage function CVE-2023-35086/ CVE-2023-35087. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m.
Please unzip the firmware file, and then verify the checksum.
SHA256: 30a2d458aa07bbc52dd657861255e59b4ab7157257a36f82d99c0b454fc981d1
1.Fixed CVE-2022-46871
2.Fixed Client DOM Stored XSS.
3.Improved AiMesh backhaul stability.
4.Fixed AiMesh topology UI bugs.
5.Fixed the reboot issue when assigning specific clients in VPN fusion.
6.Fixed the VPN fusion bug when importing the Surfshark WireGuard conf file.
7.Fixed network map bugs.
8.Fixed 2.5G port status UI bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 728a920d4e1951869e48521539c35bfc
1. Supported WireGuard VPN server and client.
2. Supported VPN fusion. It can easily achieve VPN connection to network devices like Smart TV, Game consoles and without installing the VPN client software.
3. Supported new devices connection notification.
4. Supported connection diagnostic on the ASUS router app.
5. Supported Instant Guard 2.0 which helps easily invite family or friends to join the VPN connection.
6. Upgraded parental control and added reward, new scheduler for flexible setting
7. Fixed USB icon issue in port status.
8. Fixed HTTP response splitting vulnerability. Thanks to Efstratios Chatzoglou, University of the Aegean.
9. Fixed status page HTML vulnerability. Thanks to David Ward.
10. Fixed CVE-2018-1160. Thanks to Steven Sroba.
11. Fixed cfg_server security issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 63796208c127a527f63419677a4962ef
1. Fixed OpenSSL CVE-2022-0778
2. Fixed CVE-2021-34174
3. Added more security measures to block malware.
4. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
5. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-25595, CVE-2022-25596, CVE-2022-25597, CVE-2022-26673, CVE-2022-26674, CVE-2022-26376
6. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
7. Supported Safe Browsing in the router app to filter explicit content from search results. You can set it in the router app --> Devices or Family.
8. Improved system stability.
9. Fixed anomalous 802.11 frame issues.
Thanks to Kari Hulkko and Tuomo Untinen from The Synopsys Cybersecurity Research Center (CyRC). Issue was found by using Defensics Fuzz Testing Tool.
10.Added the WTFast to triple-level game acceleration.
Please unzip the firmware file first then check the MD5 code.
MD5: c705986fc1891565625ecc7971221bd8
Security
- Fixed string format stacks vulnerability
- Fixed cross-site-scripting vulnerability
- Fixed informational vulnerability.
Thanks to Howard McGreehan.
-Fixed SQL injection vulnerability
-Fixed json file traversal vulnerability
-Fixed plc/port file traversal vulnerability
-Fixed stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
-Fixed authenticated stored XSS vulnerability
Thanks to Luke Walker – SmartDCC
-Fixed LPD denial of service vulnerability
-Fixed cfgserver heap overflow vulnerability
-Fixed cfgserver denial of service vulnerability
Thanks to TianHe from BeFun Cyber Security Lab.
Added more ISP profile
Digi 1 - TM
Digi 2 - TIME
Digi 3 - Digi
Digi 4 - CTS
Digi 5 - ALLO
Digi 6 - SACOFA
Maxis - CTS
Maxis - SACOFA
Maxis - TNB/ALLO
Fixed AiMesh guest network issues.
Fixed DDNS issues where the WAN IP is IPv6
Fixed UI bugs in Administration --> feedback.
Fixed time zone error.
Improved the connection stability.
Supported v6plus
Please unzip the firmware file first then check the MD5 code.
MD5:5126c6f077a017013aff1c0a07727f94
1. Fixed Let's encrypt related bugs.
2. Fixed httpd vulnerability
3. Fixed stack overflow vulnerability
4. Fixed DoS vulnerability
Thanks for the contribution of Fans0n、le3d1ng、Mwen、daliy yang from 360 Future Security Labs
5. Fixed Post-Auth Command Injection vulnerability. Special thanks to @d0gkiller87.
Please unzip the firmware file first then check the MD5 code.
MD5: be5a3e97a3cf2eebab6e1f8787663e2c
1. Fixed AiMesh web page multi-language issues.
2. Fixed Let's encrypt issues.
3. Fixed Stored XSS vulnerability.
4. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
5. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
6. Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 5a5f30f059a92bad0f8f7796e34f4d71
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
Please unzip the firmware file first then check the MD5 code.
MD5: 9202124a85e427f2505fb49219fa8ef2
1. Improved connection stability.
2. Modified the DNS setting and router's DNS can be assigned to the LAN side DNS.
3. Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.
4. Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 714e9a508fd96a0894e72d7e5ba48b55
1.Fixed the FragAttack vulnerability.
2.Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution.
3.Improved system stability.
4.Fixed GUI bugs.
5.Security Fixed: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please unzip the firmware file first then check the MD5 code.
MD5: 9d7c0a50771b571e2b0ec045ae2e5ab6
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 94ff69e26463ea132fd90e5a92127fed
1. AiMesh 2.0
- System optimization: one click in AiMesh to optimize the topology
- System Ethernet backhaul mode, all nodes will only connect by ethernet, all bands will be released for wireless clients.
- System factory default and reboot.
- Client device reconnect, make the device to offline and online again.
- Client device binding to specific AP.
- Guest WiFi on all Mesh nodes (all node need to upgrade to 3.0.0.4.386 firmware)
- Access nodes USB application.
Connection priority and Ethernet backhaul mode introduction
https://www.asus.com/support/FAQ/1044184
How to setup ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions
https://www.asus.com/support/FAQ/1044151/
2. New Family interface in ASUS router App.
ASUS Router App for iOS must greater or equal to iOS v1.0.0.5.75
Android version greater or equal to v1.0.0.5.74
3. The unit of the WiFi time scheduler goes to 1 minute.
4. Support IPSec IKE v1 and IKE v2, and you can use the Windows 10 native VPN client program to connect to the router's IPSec VPN server. The Windows 10 new FAQ is in https://www.asus.com/support/FAQ/1033576
5. 2.4 and 5G on the network map could be configured in the same tab.
6. Captcha for login can be disabled in administration -> system.
7. Printer server port can be disabled on the USB app page.
8. Clients which connect to the guest network can be viewed in the network map -->view list --> interface
9. Fix Let's Encrypt not working properly.
10. Add IPTV supports for specific region.
Please unzip the firmware file first then check the MD5 code.
MD5: 675819da509594779a26ffc56fc8eaa2
- Fixed static IP WAN connection issues.
- Fixed wan link aggregation stability issues.
- Fix CallStranger vulnerability (CVE-2020-12695)
- Improved system stability.
Please unzip the firmware file first then check the MD5 code.
MD5: 020456582239231da11ae6dfc4293987
- support uplink/downlink OFDMA
- Fixed the VPN fusion exception list related bugs.
- Modified the Telnet/SSH setting UI message.
- Added printer enable/disable switch.
- Added port setting option in the remote log server setting.
- Fixed login bugs.
- Support router certificate export. After import the certificate to the computer you will not see the warning message when login with https. Please refer to https://www.asus.com/us/support/FAQ/1034294/
Please unzip the firmware file first and then check the MD5 code.
MD5: 3ff24e337cd4bc6f69ca0e8b70e78de5
1. Update Adaptive QoS categories: Help you to prioritize the mission-critical applications
Those people who work-from-home & learn-from-home will greatly benefit from this new feature with optimized streaming experiences.
New Supported Categories & Apps:
- Video conferencing, including Microsoft Teams®, ZOOM®, Skype®, Google Hangouts®, BlueJeans®
- Online learning, including Khan academy®, Udemy®, Coursera®, TED®, VIPKiD®, 51Talk®, XDF®, Xueersi®
- Streaming, including YouTube®, Netflix®, HBO NOW®, Amazon Prime Video®, Disney+®, ESPN®, MLB.com®, iQIY®
- Indoor training, including Zwift®, Peloton®, Onelap®
Stay tuned and more apps are coming to the list soon!
2. Support Mobile Game Mode
- One-click prioritizing your mobile device to the highest and ensure you the best mobile gaming experiences.
- Install/Update ASUS Router App (Android supports later than 1.0.0.5.44; iOS supports later than 1.0.0.5.41)
3. Bug fix
- Fixed app and web login bugs.
- Improved connection stability.
Please unzip the firmware file first and then check the MD5 code.
MD5: eff6cc5ee5759c836ecb0ca5d74f5228
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
- Fixed OpenVPN connection and UI bugs
Please unzip the firmware file first then check the MD5 code.
MD5: e44abbf7c0ba4f6f6467e58d2def89a2
- Enhanced the Wi-Fi 6 performance with Apple® iPhone11, Samsung® S10.
- Supported WPA3.
- Supported OFDMA.
- Supported 802.11k and 802.11v.
- Fixed Let's encrypt register related bugs.
- Fixed VPN fusion related bugs.
- Improved system stability.
Please unzip the firmware file first then check the MD5 code.
MD5: cbbd5cff732c1ae49b1a8fe19e7a4e38
Security fix
- Fixed a DDoS vulnerability. Thanks for Altin Thartori's contribution.
Bug fix
- Fixed web control interface login problem.
- Fixed Network map clist list issues.
- Fixed VPN fusion related bugs.
- Fixed block internet access problem when clients connected to AiMesh node
- Fixed Samba server compatibility issue.
- Fixed OpenVPN related bugs.
- Fixed schedule reboot bugs.
- Improved AiMesh compatibility.
- Improved system stability.
- Fixed User interface related bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 0b9e4e8fbb2b017375646de22c8d8d30
New Feature
- Support WAN Aggregation under DHCP and PPPoE WAN connection type.
This feature combines two gigabit networks to increase bandwidth up to 2 gigabits. Please note that the modem connects to GT-AX11000 must support LACP-IEEE 802.3ad.
Bug fixed.
1. Optimized AiMesh backhaul connection.
2. System stability improvement.
3. Fixed IPv6 related bugs
Please unzip the firmware file first then check the MD5 code.
MD5: fd3330ba4f2815406a154e9a736eb2bd
- Fixed LED behavior
Please unzip the firmware file first then check the MD5 code.
MD5: ee148343ffbf195e8c1d3c77269a3fdb
Security Fix
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
- Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Improvement
- Improved GT-AX11000 and Samsung® S10 series connection performance.
Bug Fix
- Fixed AiMesh LAN IP issue when router using IPv6 WAN.
- Fixed Network Map related issues.
- Fixed AiMesh connection issue between GT-AX11000 and RT-AX88U.
Please unzip the firmware file first then check the MD5 code.
MD5: 08c2b4b60d3b939f2afa6de3b8be44e3
- Fix missing AiMesh function on COD version.
- Improve WiFi stability.
- Improve AiMesh node performance
Please unzip the firmware file first then check the MD5 code.
MD5: 7e5ace4d90db72de14c99772b2be4f2a