ASUS ZenWiFi AX (XT8)
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.
Please unzip the firmware file, and then verify the checksum.
SHA256: ffbae9dc6c9a1b0364d8d7b1c96b999c3be3c5610457312721621c12aba2bba1
1. Optimized memory management mechanisms, improving system efficiency and stability.
2. Strengthened input validation and data processing workflows, further protecting your information security.
3. Improved web rendering engine, enhancing browsing experience and security.
4. Enhanced security of system command processing to guard against potential malicious operations.
5. Perfected JavaScript-related security mechanisms, offering a more secure web interaction environment.
Please unzip the firmware file, and then verify the checksum.
SHA256: 88328e6767b3c0afc4527e15129960229d1a6573fe4bd63c003a55e9aed3c82
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.
- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.
Please unzip the firmware file, and then verify the checksum.
SHA256: 2cd1851f75abf270c34ec4643617aa03235c3d1415696a8a9100dc1b79972378
Bug Fixes and Enhancements:
- Fixed IP display list issue on networkmap.
- Fixed a GUI bug for WireGuard client profile name.
- Fixed WAN connection issues.
- Resolved an issue that caused hostname errors in the DDNS service.
- Resolved OpenVPN server TAP mode issue.
- Added MTU setting for WireGuard client.
- Ensured consistent display of client status on the WireGuard server.
- Enhanced system stability when accessing the WireGuard server with DMZ enabled.
- Improved stability when enabling or disabling the WireGuard server.
- Optimized memory utilization and fixed an occasional server error when registering DDNS with an app.
- Corrected a bug encountered when adding a rule to the network services filter.
- Fixed AiMesh node under Ethernet backhaul issues.
- Fixed GUI bugs while searching for AiMesh Node.
- Fixed USB function related issues.
- Fixed a GUI bug that occurred when adding port range rules in the Network Service Filter.
Security Fixes:
- Fixed OpenSSL vulnerabilities.
- Fixed command injection vulnerabilities.
- Upgraded to the latest dropbear version.
- Fixed a stack overflow vulnerability.
- Fixed vulnerability in command injection after authentication.
- Fixed XSS potentially via malformed hostname in DHCP request.
Please unzip the firmware file, and then verify the checksum.
SHA256: 2c30916aa29897cd44785e1ad67a9c77c0563d2c5b11b28a40a5101f79460250
Bug fixes and functionality modifications:
-The ARP response issue has been resolved, along with the connection issue between the router and the ROG Phone 6 and 7.
-Resolved the issue where the USB path is not displayed on the Media Server page in the AiMesh node
-Resolved the Download Master login issue. Please click the update link in the USB Application to update it.
Security updates:
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.
-Fixed the vulnerability in the logmessage function CVE-2023-35086/ CVE-2023-35087. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m.
Please unzip the firmware file, and then verify the checksum.
SHA256: 450307439b402fdbdc71ffcf44d195c2d42270092b000387fbcc4f801241fe75
New features:
-Built-in Surfshark in VPN Fusion allows you to surf the internet anonymously and securely from anywhere by encrypting connections. Please refer to https://asus.click/SurfsharkVPN
-iPhone/Android USB auto backup WAN allows you to connect your phone to the router’s USB port and use it as an internet source. Please refer to https://asus.click/AutobackupWAN
-DDNS transfer allows you to transfer your ASUS DDNS hostname from your original router to the new one. Please refer to https://asus.click/ASUSDDNS
Bug fixes and functionality modifications:
-Resolved the issue with login and password changes.
-Resolved the IPSec VPN connection issues.
-Resolved the Instant Guard connection issues.
-Fixed the AiCloud login issue after unplugging and plugging the HDD into the USB port.
-Fixed the issue where Traffic Analyzer sometimes couldn't record data.
-Fixed the time display issue for the preferred upgrade time in the Auto Firmware Upgrade function.
-Fine-tuned the description for port status.
-Enabled DynDNS and No-IP DDNS to use IPv6.
-Fixed AiMesh preferred AP identification in site survey results.
-Updated timezone list for Greenland, Mexico, and Iran.
-Modified the USB application option text in dual WAN.
-Allowed WireGuard Server clients to access the Samba server.
-Fixed memory leak issue.
-Enabled the failback function when using the iOS/Android USB backup WAN.
Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 3c73df598fd268bba7ab97cf3258e71e
1.Fixed CVE-2022-46871
2.Fixed Client DOM Stored XSS.
3.Improved AiMesh backhaul stability.
4.Fixed AiMesh topology UI bugs.
5.Fixed the reboot issue when assigning specific clients in VPN fusion.
6.Fixed the VPN fusion bug when importing the Surfshark WireGuard conf file.
7.Fixed network map bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 15fe09ba64aa0463f9ccc2b88a55f690
1. Improved system stability.
2. Fixed the IPsec VPN compatibility issue with Win10.
3. Fixed the VPN fusion user interface issues under the HTTPS connection.
4. Fixed Client DOM Stored XSS vulnerability.
5. Improved Wireguard performance.
Please unzip the firmware file first then check the MD5 code.
MD5: 44d14ee9510fa384c6b553dd4c097718
1. Optimized memory usage and improved system stability.
2. Fixed 2.5G port compatibility issues.
3. Fixed USB HDD compatibility issue with the Time machine.
4. Added a new web GUI login URL http://www.asusrouter.com
5. Fixed IPTV compatibility issue with Movistar.
6. Fixed VPN fusion, AiMesh, and Network map GUI bugs.
7. Fixed WAN compatibility issue with Starlink router.
8. Fixed miniupnpc vulnerabilities, CVE-2015-603, CVE-2017-1000494
9. Fixed IPSec server vulnerability, CVE-2022-40617
10. Improved connection speed with Verizon FIOS
Please unzip the firmware file first then check the MD5 code.
MD5: 82fb58213e09f954ce01cc0dc3ca4186
Improved 5GHz backhaul stability.
Please unzip the firmware file first then check the MD5 code.
MD5: 047808bccd6a1cd2cd16238e367c9c2a
Try more on ASUSWRT 2022 with new features at https://asus.click/ASUSWRT2022
1. Supported WireGuard VPN server and client.
2. Supported VPN fusion. It can easily achieve VPN connection to network devices like Smart TV, Game consoles and without installing the VPN client software.
3. Supported new devices connection notification.
4. Supported connection diagnostic on the ASUS router app.
5. Supported Instant Guard 2.0 which helps easily invite family or friends to join the VPN connection.
6. Upgraded parental control and added reward, new scheduler for flexible setting
7. Fixed USB icon issue in port status.
8. Fixed HTTP response splitting vulnerability. Thanks to Efstratios Chatzoglou, University of the Aegean.
9. Fixed status page HTML vulnerability. Thanks to David Ward.
10. Fixed CVE-2018-1160. Thanks to Steven Sroba.
11. Fixed cfg_server security issue.
Please unzip the firmware file first then check the MD5 code.
MD5: d87704f3d53898f19961b6085c621193
1. Fixed CVE-2018-1160 Thanks to Steven Sroba
2. Fixed anomalous 802.11 frame issues.
Thanks to Kari Hulkko and Tuomo Untinen from The Synopsys Cybersecurity Research Center (CyRC). Issue was found by using Defensics Fuzz Testing Tool.
3. Improved system stability.
4. Supported Safe Browsing in the router app to filter explicit content from search results. You can set it in the router app --> Devices or Family.
Please unzip the firmware file first then check the MD5 code.
MD5: 30eead8d89b9bb990604e568b53dced4
Fixed the AiMesh node connection issue if the WPA Pre-Share key is over 32 characters.
Please unzip the firmware file first then check the MD5 code.
MD5: 66cb3f933ceded6019aefffee6dd920a
1. Fixed OpenSSL CVE-2022-0778
2. Fixed CVE-2021-34174, CVE-2022-0778
3. Added more security measures to block malware.
4. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
5. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-25595, CVE-2022-25596, CVE-2022-25597, CVE-2022-26673, CVE-2022-26674, CVE-2022-26376
6. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5: 52a35ebbe801c1ee58dc2d83cbdccd97
This beta version fixed someIoT compatibility issues.
Please download and unzip the firmware and Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5:bdb2b656513629c83af8b266257c0e6e
Security
- Fixed string format stacks vulnerability
- Fixed cross-site-scripting vulnerability
- Fixed informational vulnerability.
Thanks to Howard McGreehan.
-Fixed SQL injection vulnerability
-Fixed json file traversal vulnerability
-Fixed plc/port file traversal vulnerability
-Fixed stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
-Fixed authenticated stored XSS vulnerability
Thanks to Luke Walker – SmartDCC
-Fixed LPD denial of service vulnerability
-Fixed cfgserver heap overflow vulnerability
-Fixed cfgserver denial of service vulnerability
Thanks to TianHe from BeFun Cyber Security Lab.
Added more ISP profile
Digi 1 - TM
Digi 2 - TIME
Digi 3 - Digi
Digi 4 - CTS
Digi 5 - ALLO
Digi 6 - SACOFA
Maxis - CTS
Maxis - SACOFA
Maxis - TNB/ALLO
Fixed AiMesh guest network issues.
Fixed DDNS issues where the WAN IP is IPv6
Fixed UI bugs in Administration --> feedback.
Fixed time zone error.
Improved the connection stability.
Please unzip the firmware file first then check the MD5 code.
MD5:f578a0940b97337f7f377d93f479c1c1
If your router's production year is 2022 or above, DO NOT downgrade to this versionPlease check the back label for the production year.
1.Fixed Let's encrypt bugs
2.Fixed httpd vulnerability
3.Fixed stack overflow vulnerability
4.Fixed DoS vunerability
Thanks for the contribution of Fans0n、le3d1ng、Mwen、daliy yang from 360 Future Security Labs
Please unzip the firmware file first then check the MD5 code.
MD5: 91e71250c4b906aba24eebff90bb917a
If your router's production year is 2022 or above, DO NOT downgrade to this version, Please check the back label for the production year.
- Improved system stability and fixed GUI issue
- This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
- Fixed DoS vulnerability from spoofed sae authentication frame. Thanks to Efstratios Chatzoglou, University of the Aegean, Georgios Kambourakis, European Commission at the European Joint Research Centre, and Constantinos Kolias, University of Idaho.
- Fixed Stored XSS vulnerability.
- Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
- Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
- Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 95f2005a42b5ff93734352a9313b0757