RT-AC66U
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
1.Strengthened system code execution processes.
2.Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3.Refined input validation in the web interface, ensuring a more secure web interaction environment.
4.Improved data export functionality in the admin portal, ensuring accurate and secure handling of client information.
5.Optimized memory management mechanisms, improving system stability.
6.Improved system buffer management, ensuring reliable data processing workflows.
7.Enhanced stack buffer management, promoting greater system stability.
Please unzip the firmware file, and then verify the checksum.
SHA256: bd14732261974a9a326e5913002e9f908db7598085b14a2f9ee988e66976203b
1. Optimized memory management mechanisms, improving system efficiency and stability.
2. Strengthened input validation and data processing workflows, further protecting your information security.
3. Improved web rendering engine, enhancing browsing experience and security.
4. Enhanced security of system command processing to guard against potential malicious operations.
5. Perfected JavaScript-related security mechanisms, offering a more secure web interaction environment.
Please unzip the firmware file, and then verify the checksum.
SHA256: fd99be60940134fdb63d689f3b4476de5d13d593da12ae49b985394ef09156c6
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 8005a652d488386e5f99367a170885a4
- Fixed CVE-2020-12695 (CallStranger)
- Fixed Reflected XSS vulnerability.
- Fixed Directory traversal vulnerability.
- Fixed CVE-2017-15653.
Please unzip the firmware file first then check the MD5 code.
MD5: cf553ed9a9bdba773204d3479d4080b8
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue.
- Fixed DDoS vulnerability.
- Fixed command injection vulnerability.
- Fixed buffer overflow vulnerability.
- Updated OTA function.
Please unzip the firmware file first then check the MD5 code.
MD5: d826c8690a555c6b8771d56d9721241f
- Fixed a DDoS vulnerability
Please unzip the firmware file first then check the MD5 code.
MD5: 8d503c3d4bf34578acc16ddfeb09cb83
- Fixed firmware update notification bugs.
- Fixed dual wan user interface bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: b86747a92cbeb3e875890cc18aa5a6ac
Security Fix
- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability. Thanks for Matt Cundari's contribution.
- Fixed command injection vulnerability. Thanks for S1mba Lu's contribution.
- Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga's contribution.
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
- Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: c1448ef95d65b8e08b7a38dde53394c9
- Support multi-language (UTF-8) network name
(Windows XP and Windows 7 do not support UTF-8 format SSID. These two OS may see gibberish if using multi-language SSID.)
- Improved system stability.
- Improved compatibility for IntelⓇ CentrinoⓇ 802.11ac card.
- Fixed XSS vulnerability. Thanks to Yonghui Han of Fortinet's FortiGuard Labs.
- Fixed CVE-2018-8877, CVE-2018-8878, CVE-2018-8879
- Fixed plain text password vulnerability in lighttpd.
- Modified Quick Internet Setup wizard process.
- Main SSID and guest network can hide independently.
- Fixed AiCloud login issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 06bce3dbe93c5db13f2d8ecea3b912fc
- Fixed information disclosure vulnerability. Thanks to Haitan Xiang and Fand Wang.
- Fixed CVE-2018-5721 Stack-base buffer overflow vulnerability
- Fixed CVE-2018-8826 remote code code execution vulnerability. Thanks to Chris Wood.
- Fixed CVE-2018-5999 HTTP authorization bypass and CVE-2018-6000. An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
- Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet's FortiGuard Labs
- Fixed CVE-2017-14491: DNS - 2 byte heap based overflow
- Fixed CVE-2017-14492: DHCP - heap based overflow
- Fixed CVE-2017-14493: DHCP - stack based overflow
- Fixed CVE-2017-14494: DHCP - info leak
- Fixed CVE-2017-14495: DNS - OOM DoS
- Fixed CVE-2017-14496: DNS - DoS Integer underflow
- Fixed CVE-2017-13704: Bug collision
- Fixed AiCloud 2.0 Reflected XSS Vulnerability. Thanks to Guy Arazi and Niv Levi contribution.
Thanks to Guy Arazi for following vulnerabilities.
- AiCloud 2.0 Stored XSS Share link manager.
- AiCloud 2.0 Reflected XSS - "share a link"
- Download Master HTTP service DoS vulnerability.
- Download Master Reflected XSS Main login.
Please unzip the firmware file first then check the MD5 code.
MD5: 58e62e7543c0a7c5f7d5f6ce12f7acc3