AiMesh AC2900 WiFi System (RT-AC86U 2 Pack)
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.
Please unzip the firmware file, and then verify the checksum.
SHA256: af63aeb4ef335e2ebac521358103de451333b021ec82e59736854ae95a3424e0
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.
- Fixed CVE-2024-3079 and CVE-2024-3080. Thanks to the contribution of swing from Chaitin Security Research Lab.
*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.
Please unzip the firmware file, and then verify the checksum.
SHA256: f092a5b2a59a2ac6068dc219688d326d26115e97dfc97d64ad1b1cec515788f7
Security updates:
-Fixed the cfg server vulnerability.
-Fixed the vulnerability in the logmessage function CVE-2023-35086/ CVE-2023-35087.
-Fixed lighttpd vulnerability, CVE-2023-35720.
-Fixed several curl vulnerabilities including CVE-2023-28322, CVE-2023-28321, and CVE-2023-28319.
-Fixed FFmpeg vulnerabilities, specifically CVE-2022-3964, CVE-2022-48434, and CVE-2022-3109.
-Fixed OpenSSL vulnerability, CVE-2023-0464.
-Fixed ReadyMedia vulnerabilitym CVE-2020-28926.
-Fixed UPnP vulnerability CVE-2020-12695.
-Upgraded sqlighte and resolved CVE-2020-11656 / CVE-2019-19646 / CVE-2019-8457 / CVE-2020-11655 / CVE-2018-20505 / CVE-2019-16168 / CVE-2019-19645 / CVE-2020-13435 / CVE-2020-13631 / CVE-2020-13434
-Strengthened protection against SSH brute force attacks.
-Fixed CVE-2023-39239. Thanks to Swings and Wang Duo from Chaitin Security Research Lab , C0ss4ck from Bytedance Wuheng Lab, 费新程 from X1cT34m.
- Patched several command injection vulnerabilities, CVE-2023-38031, CVE-2023-38032, CVE-2023-38033,CVE-2023-39236,CVE-2023-39237, Thanks to Jincheng Wang from X1cT34m Laboratory of Nanjing University of Posts and Telecommunications
Please unzip the firmware file, and then verify the checksum.
SHA256: 6eb89b8a3b9ffb37bdd8bc3619210917a3afe2ccb92648ad15fbeabf2b751548
Security updates:
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: b40babdef507e16043ec4dfebdceb98f
1.Fixed HTTP response splitting vulnerability.
2.Fixed Samba related vulerabilities.
3.Fixed cfg server security issues.
4.Fixed Open redirect vulnerability.
5.Fixed token authentication security issues.
6.Fixed security issues on the status page.
7.Fixed XSS vulnerability.
8.Fixed CVE-2022-26376
9.Fixed CVE-2018-1160
10.Fixed IPv6-related bugs.
11.Added a new login URL http://www.asusrouter.com to fixed the login issues.
12.Optimize the AiMesh web interface
13.Fixed network map UI bugs
14.Fixed bugs related to Wi-Fi calling.
15.Supported web history record exported.
16.Fixed IPSec VPN server compatibility with Windows 10 VPN client.
17.Improved AiMesh connection stability.
18.Fixed IPTV issues.
Please unzip the firmware file first then check the MD5 code.
MD5: 9c55ed74c15323c29e0de1e106769107
1. Fixed OpenSSL CVE-2022-0778
2. Added more security measures to block malware.
3. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
4. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-25595, CVE-2022-25596, CVE-2022-25597
5. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5:158b1ecf26e1a649d4b67555244d0976
Security
- Fixed string format stacks vulnerability
- Fixed cross-site-scripting vulnerability
- Fixed informational vulnerability.
Thanks to Howard McGreehan.
-Fixed SQL injection vulnerability
-Fixed json file traversal vulnerability
-Fixed plc/port file traversal vulnerability
-Fixed stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
-Fixed authenticated stored XSS vulnerability
Thanks to Luke Walker – SmartDCC
-Fixed LPD denial of service vulnerability
-Fixed cfgserver heap overflow vulnerability
-Fixed cfgserver denial of service vulnerability
Thanks to TianHe from BeFun Cyber Security Lab.
-Fixed CVE-2021-34174, CVE-2022-23972, CVE-2022-23970, CVE-2022-23971, CVE-2022-23973
Added more ISP profile
Digi 1 - TM
Digi 2 - TIME
Digi 3 - Digi
Digi 4 - CTS
Digi 5 - ALLO
Digi 6 - SACOFA
Maxis - CTS
Maxis - SACOFA
Maxis - TNB/ALLO
Fixed AiMesh guest network issues.
Fixed DDNS issues where the WAN IP is IPv6
Fixed UI bugs in Administration --> feedback.
Fixed time zone error.
Improved the connection stability.
Fixed IPSecVPN issues.
Please unzip the firmware file first then check the MD5 code.
MD5:a1fec62f9b680833512bb6f7e2b5c2c7
This version includes several vulnerability patches.
BusyBox
- CVE-2016-2148
- CVE-2016-6301
- CVE-2018- 1000517
cURL
- CVE-2020-8169
- CVE-2019-5481
- CVE-2019-5482
- CVE-2018-1000120
- CVE-2018- 1000300
- CVE-2018-16839
Lighttpd
- CVE-2018-19052
Linux
- CVE-2020-14305
- CVE-2020-25643
- CVE-2019-19052
lldpd
- CVE-2020-27827
Avahi
- CVE-2017-6519
hostapd
- CVE-2021-30004
- CVE-2019-16275
OpenVPN
- CVE-2020-11810
- CVE-2020-15078
wpa
- CVE-2021-30004
- CVE-2021-27803
- CVE-2019-11555
- CVE-2019-9499
- CVE-2019-9498
- CVE-2019-9497
- CVE-2019-9496
- CVE-2019-9495
- CVE-2019-9494
- CVE-2017-13086
- CVE-2017-13084
- CVE-2017-13082
- CVE-2016-4476
- CVE-2015-8041
- Fixed envrams exposed issue. Thanks to Quentin Kaiser from IoT Inspector Research Lab contribution.
- Fixed Stored XSS vulnerability.
- Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
- Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
- Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd Hatlab and 360 Alpha Lab contribution.
- Fixed httpd and Cfg server DoS vulnerability
Thanks to Wei Fan from NSFOCUS GeWuLAB.
- Fixed stack overflow vulnerability
- Fixed DoS vulnerability
Thanks for the contribution of Fans0n, le3d1ng, Mwen, daliy yang from 360 Future Security Labs
Please unzip the firmware file first then check the MD5 code.
MD5:c924f36ddba3fcaab42513f01a989483
1. Improved system stability.
2. Add JPNE v6plus support. (Beta release)
3. Added Auto firmware upgrade in Administration-->Firwmare Upgrade
4. Fixed envrams exposed issue. Thanks for Quentin Kaiser from IoT Inspector Research Lab contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 798c182f86cbf8d6ce171a864bc79be5
1. Fixed CVE-2021-3450, CVE2021-3449 OpenSSL related vulnerability.
2. Fixed authentication bypass vulnerability. Special thank Chris Bellows, Darren Kemp – Atredis Partners contribution.
3. Fixed PPTP and OpenVPN server username/password GUI bug.
4. Fixed high CPU utilization issue.
5. Fixed the fragattacks vulnerability.
Please unzip the firmware file first then check the MD5 code.
MD5: 3c8e995a903ab94877359f6e3b26482d
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 0231b2391f86615a4314e151f4ecd21d
New features
1. AiMesh 2.0
- System optimization: one click in AiMesh to optimize the topology
- System Ethernet backhaul mode, all nodes will only connect by ethernet, all bands will be released for wireless clients.
- System factory default and reboot.
- Client device reconnect, make the device to offline and online again.
- Client device binding to specific AP.
- Guest WiFi on all Mesh nodes (all node need to upgrade to 3.0.0.4.386 firmware)
- Access nodes USB application.
Connection priority and Ethernet backhaul mode introduction
https://www.asus.com/support/FAQ/1044184
How to setup ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions
https://www.asus.com/support/FAQ/1044151/
2. New Family interface in ASUS router App.
ASUS Router App for iOS must greater or equal to iOS v1.0.0.5.75
Android version greater or equal to v1.0.0.5.74
3. The unit of the WiFi time scheduler goes to 1 minute.
4. Support IPSec IKE v1 and IKE v2, and you can use the Windows 10 native VPN client program to connect to the router's IPSec VPN server. The Windows 10 new FAQ is in https://www.asus.com/support/FAQ/1033576
5. 2.4 and 5G on the network map could be configured in the same tab.
6. Captcha for login can be disabled in administration -> system.
7. Printer server port can be disabled on the USB app page.
8. Clients which connect to the guest network can be viewed in the network map -->view list --> interface
Please unzip the firmware file first then check the MD5 code.
MD5: a707219b5944bc0b55098a4c7fe781f5
- Fixed buffer overflow vulnerability
- Fixed wireless performance drop issue after send the feedback.
- Fixed static WAN IP connection issues.
Please unzip the firmware file first then check the MD5 code.
MD5: 2788c2f2e211e7396dc5004ce5226797
Security update
- Fixed CVE-2020-12695 (CallStranger)
- Fixed Reflected XSS vulnerability.
- Fixed Directory traversal vulnerability.
- Fixed CVE-2017-15653.
The update server transport layer security was upgraded and the old protocol was removed.
If your router firmware version is lower than 3.0.0.4.384.81352, please refer to the "Update Manually" section in https://www.asus.com/support/FAQ/1008000 to update the firmware.
This version has more security processes. If you want to rollback to the previous version, please do a factory default reset.
Please unzip the firmware file first then check the MD5 code.
MD5: c4d70d592c735c935d711b05908de05c
- Fixed Let's encrypt certification renew bugs.
- Improved web history page loading speed.
- Fixed OpenVPN related bugs
Please unzip the firmware file first then check the MD5 code.
MD5: c9ee3cbfc16ca9ecd9eed0561fa1145b
- Fixed game setting page UI bugs.
- Fixed AiCloud share link bugs.
- Fixed AiCloud connection bugs with AiMusic App.
- Fixed Cloud sync bugs.
- VPN clients can be turned on/off by the ASUS router app.
- Fixed offline client removing problem with ASUS router app.
- In the previous version, the certificate for https login needed to be installed again after system reboot, and this version fixed this problem.
- Adaptive QoS supported more apps
Work-From-Home: WeChat Work®, RescueAssist, Tencent/VooV Meeting®
Learn-From-Home: LinkedIn Learning®, Binkist®, Skillshare®, edX®
Media Streaming: SiriusXM®, Bilibili®
Indoor training: The Sufferfest®, Bkool Fitness®, TrainerRoad®, Rouvy®
Please unzip the firmware file first then check the MD5 code.
MD5: 892a6e8a8c4e27bdd1c7ff2bfbd92df6
- Improved connection stability.
- Optimized CPU utilization.
- Fixed some UI bugs.
- Fixed login bugs.
- Support router certificate export. After import the certificate to the computer you will not see the warning message when login with https.Please refer to https://www.asus.com/us/support/FAQ/1034294/
Please unzip the firmware file first and then check the MD5 code.
MD5: dc2cfb7297d8089b4f6022d0105313bc
1. Update Adaptive QoS categories: Help you to prioritize the mission-critical applications
Those people who work-from-home & learn-from-home will greatly benefit from this new feature with optimized streaming experiences.
New Supported Categories & Apps:
- Video conferencing, including Microsoft Teams®, ZOOM®, Skype®, Google Hangouts®, BlueJeans®
- Online learning, including Khan academy®, Udemy®, Coursera®, TED®, VIPKiD®, 51Talk®, XDF®, Xueersi®
- Streaming, including YouTube®, Netflix®, HBO NOW®, Amazon Prime Video®, Disney+®, ESPN®, MLB.com®, iQIY®
- Indoor training, including Zwift®, Peloton®, Onelap®
Stay tuned and more apps are coming to the list soon!
2. Support Mobile Game Mode
- One-click prioritizing your mobile device to the highest and ensure you the best mobile gaming experiences.
- Install/Update ASUS Router App (Android supports later than 1.0.0.5.44; iOS supports later than 1.0.0.5.41)
Please unzip the firmware file first and then check the MD5 code.
MD5: e50909a33311f80b922c61d6edcfd7bd
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
Please unzip the firmware file first then check the MD5 code.
MD5: c92351241c287643bd39832de852977e
- Fixed a DDoS vulnerability.
- Fixed Let's Encrypt related bugs.
- Fixed folder creating bugs in Samba.
- Fixed dual wan failover bugs while the primary wan type is L2TP.
Please unzip the firmware file first then check the MD5 code.
MD5: 2b73b992d0ea657cae03a918e31a27ad
Security fix
- Fixed a DDoS vulnerability. Thanks for Altin Thartori's contribution.
Bug fix
- Fixed web control interface login problem.
- Fixed Network map clist list issues.
- Fixed block internet access problem when clients connected to AiMesh node
- Fixed Samba server compatibility issue.
- Fixed OpenVPN related bugs.
- Fixed schedule reboot bugs.
- Improved AiMesh compatibility.
- Improved system stability.
Please unzip the firmware file first then check the MD5 code.
MD5: f09ec9bf293979e8ebe8a8c5bda6317b
- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability. Thanks for Matt Cundari's contribution.
- Fixed command injection vulnerability. Thanks for S1mba Lu's contribution.
- Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga's contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 03041f5d8987efc3bc64a63efe2a979f
Security Fix
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
- Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Bug Fix
- Fixed AiMesh LAN IP issue when router using IPv6 WAN.
- Fixed AIMesh connection issues.
- Fixed Network Map related issues.
- Fixed Download Master icon disappear issue.
- Fixed LAN LED not blinking problem.
- Fixed browser no response problem when enabled Traffic analyzer.
- Fixed wireless mac filter input issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 3572b70885cc2a54751ca17aaaa479e9
AiMesh
- Improved AiMesh stability
- Lyra, Lyra Mini, and Lyra Trio can be added as AiMesh node into RT-AC86U network.
Please refer to https://www.asus.com/support/FAQ/1038071 for more detail.
Security
- Fixed CVE-2018-14710, CVE-2018-14711, CVE-2018-14712, CVE-2018-14713, CVE-2018-14714. Thanks for Rick Ramgattie's contribution.
- Fixed AiCloud/ Samba account vulnerability. Thanks for Matthew Cundari's contribution.
- Fixed DoS vulnerability. Thanks for Ruikai Liu's contribution.
- Fixed CVE-2018-17020, CVE-2018-17021, CVE-2018-17022.
- Fixed stored XSS vulnerability. Thanks for Duda Przemyslaw's contribution.
- Updated OpenSSL library.
Bug fixes and improvement
- Improved wireless stability.
- Modified “Dual Wan” user interface.
- Modified “Port Forwarding” user interface.
- Modified “Restore” user interface.
- Fixed GUI bugs on user feedback page.
- Fixed “Adaptive QoS” bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 1ca78fe37882cac19fbf9c5a50cb2c0f
Fixed WIFI stability issue.
Please unzip the firmware file first then check the MD5 code.
MD5: ac2a2fe7132a9567fa8c17ff5c157b71
AiMesh new features
- Supported creating mesh system with new router, BlueCave.
- Added Roaming block list in Advanced Settings --> Wireless.
You can add devices into block list and this device will not be roamed between AiMesh nodes.
- Supported ethernet onboarding. User can use ethernet cable.
You can use ethernet cable to connect AiMesh router LAN port and AiMesh node WAN port first and run the adding node process to build the mesh system.
Security fixes.
- Fixed Reflected XSS vulnerability.
- Fixed CSRF vulnerability.
- Fixed command injection vulnerability.
- Fixed stack buffer overflow vulnerability.
Thanks for Rick Ramgattie contribution.
Fixed Adaptive QoS upload bandwidth setting issue.
Fixed 4-wires ethernet cable compatibility issues.
Fixed USB hard drive over 2TB compatibility issues.
Fixed Samba/FTP folder permission issues.
Added USB3.0/2.0 mode switch setting in Administration --> System --> USB Settings.
Please unzip the firmware file first then check the MD5 code.
MD5: 0d22564746bd9d10251624c72475058e
- [DDNS] Modified the procedure of DDNS service register under dual wan load balance mode
- [WAN] Modified detect logic of internet connection
- [AiMesh] Fixed AiMesh onboarding unsuccessfully once smart connect is enabled
- [AiMesh] Modified AiMesh nodes notification procedure
- [GUI] Fixed AiProtection GUI bugs.
- [GUI] Updated OpenVPN server FAQ URL.
Please unzip the firmware file first then check the MD5 code.
MD5: caf32b5ead8501a0dbb7926e37be335a