RT-AC68W
BIOS & FIRMWARE
- Driver & Tools
- BIOS & FIRMWARE
Please unzip the firmware file, and then verify the checksum.
SHA256: 37449940705969710ae1048d47a30627748528628d03d8306ae52f1c81cf8b27
1. Strengthened input validation and data processing workflows to further protect information security.
2. Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
3. Enhanced device security through improved buffer handling in connection features.
4. Refined data handling processes, ensuring secure and accurate information management.
5. Enhanced file access control mechanisms, promoting a more secure operating environment.
6. Strengthened certificate protection, providing enhanced data security.
- Fixed command injection vulnerability.
- Fixed the ARP poisoning vulnerability. Thanks to the contribution of Xin'an Zhou.
- Fixed code execution in custom OVPN. Thanks to the contrubution of Jacob Baines.
- Fixed the injection vulnerability in AiCloud.
- Fixed stack buffer overflow in lighttpd. Special thanks to Viktor Edstrom.
- Fixed CVE-2023-35720
- Fixed the code execution vulnerability in AiCloud. Thanks to the contribution of chumen77.
- Fixed the XSS and Self-reflected HTML injection vulnerability. Thanks to the contrubution of Redfox Cyber Security.
*Please be advised that due to a security upgrade in AiMesh, we strongly recommend against downgrading to previous firmware versions, as this may lead to connection issues. Should you encounter any difficulties, resetting the AiMesh router to its default settings and re-establishing the mesh connection can resolve the problem.
Please unzip the firmware file, and then verify the checksum.
SHA256: aded7987b384440cffc24755a9e5005d09174bf4d2836ba8e50c3bca8866b755
1. Resolved an issue causing excessive log generation due to bwdpi issue.
2. Fixed a potential issue causing higher CPU utilization.
Please unzip the firmware file, and then verify the checksum.
SHA256: 098ff2e48b60a2a97f6175257af15faac124802a8da94823dbf7bc1589a304ee
Bug fixes and functionality modifications:
-Resolved the issue with login and password changes.
-Fixed the issue where Traffic Analyzer sometimes couldn't record data.
Security updates:
-Enabled and supported ECDSA certificates for Let's Encrypt.
-Enhanced protection for credentials.
-Enhanced protection for OTA firmware updates.
-Fixed DoS vulnerabilities in firewall configuration pages. Thanks to Jinghe Gao's contribution.
-Fixed DoS vulerabilities in httpd. Thanks to Howard McGreehan.
-Fixed information disclosure vulnerability. Thanks to Junxu (Hillstone Network Security Research Institute) contribution.
-Fixed CVE-2023-28702 and CVE-2023-28703. Thanks to Xingyu Xu(@tmotfl) contribution.
-Fixed null pointer dereference vulnerabilities. Thanks to Chengfeng Ye, Prism Research Group - cse hkust contribution.
-Fixed the cfg server vulnerability. Thanks to Swing and Wang Duo from Chaitin Security Research Lab.
-Fixed the vulnerability in the logmessage function. Thanks to Swing and Wang Duo from Chaitin Security Research Lab C0ss4ck from Bytedance Wuheng Lab, Feixincheng from X1cT34m.
Please unzip the firmware file, and then verify the checksum.
SHA256: 6040822e6ab3d1bafc756fb038c2f3559aa1004a2af2d2bc52684f39004a2f65
1.Fixed HTTP response splitting vulnerability.
2.Fixed Samba related vulerabilities.
3.Fixed cfg server security issues.
4.Fixed Open redirect vulnerability.
5.Fixed token authentication security issues.
6.Fixed security issues on the status page.
7.Fixed XSS vulnerability.
8.Fixed CVE-2022-26376
9.Fixed CVE-2018-1160
10.Fixed IPv6-related bugs.
11.Added a new login URL http://www.asusrouter.com to fixed the login issues.
12.Optimize the AiMesh web interface
13.Fixed network map UI bugs
14.Fixed bugs related to Wi-Fi calling.
15.Supported web history record exported.
16.Fixed IPSec VPN server compatibility with Windows 10 VPN client.
17.Improved AiMesh connection stability.
18.Fixed IPTV issues.
19. Fixed CVE-2022-35401 authentication bypass vulnerability.
20. Fixed CVE-2022-38105 information disclosure vulnerability in CM process.
21. Fixed CVE-2022-38393 DoS vulnerability in cfg_server.
Please unzip the firmware file first then check the MD5 code.
MD5: 1db86bb601019bd30fa73f011fd33fab
1. Fixed CVE-2018-1160. Thanks to Steven Sroba
2. Fixed CVE-2022-26376.
3. Improved system stability.
4. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5: df22d37f18b8595d953dafd14da92b74
1. Fixed OpenSSL CVE-2022-0778
2. Added more security measures to block malware.
3. Fixed Stored XSS vulnerability. Thanks to Milan Kyselica of IstroSec.
4. Fixed CVE-2022-23970, CVE-2022-23971, CVE-2022-23972, CVE-2022-23973, CVE-2022-CVE-2022-25595, CVE-2022-25596, CVE-2022-25596,
5. Added 3rd party DNS server list in WAN --> DNS to help users enhance the connection security.
Please unzip the firmware file first then check the MD5 code.
MD5:366f408000cad142bc51eff791ff79fc
Security
- Fixed string format stacks vulnerability
- Fixed cross-site-scripting vulnerability
- Fixed informational vulnerability.
Thanks to Howard McGreehan.
-Fixed SQL injection vulnerability
-Fixed json file traversal vulnerability
-Fixed plc/port file traversal vulnerability
-Fixed stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
-Fixed authenticated stored XSS vulnerability
Thanks to Luke Walker – SmartDCC
-Fixed LPD denial of service vulnerability
-Fixed cfgserver heap overflow vulnerability
-Fixed cfgserver denial of service vulnerability
Thanks to TianHe from BeFun Cyber Security Lab.
Added more ISP profile
Digi 1 - TM
Digi 2 - TIME
Digi 3 - Digi
Digi 4 - CTS
Digi 5 - ALLO
Digi 6 - SACOFA
Maxis - CTS
Maxis - SACOFA
Maxis - TNB/ALLO
Fixed AiMesh guest network issues.
Fixed DDNS issues where the WAN IP is IPv6
Fixed UI bugs in Administration --> feedback.
Fixed time zone error.
Please unzip the firmware file first then check the MD5 code.
MD5:33b491c21c167a8beec2f450aafe1bc2
1. Fixed Let's encrypt related bugs.
2. Fixed httpd vulnerability
3. Fixed stack overflow vulnerability
4. Fixed DoS vulnerability
Thanks for the contribution of Fans0n、le3d1ng、Mwen、daliy yang from 360 Future Security Labs
5. Fixed AiMesh web page multi-language issues.
6. Fixed Stored XSS vulnerability.
7. Fixed CVE-2021-41435, CVE-2021-41436.
Thanks to Efstratios Chatzoglou, University of the Aegean
Georgios Kambourakis, European Commission at the European Joint Research Centre
Constantinos Kolias, University of Idaho.
8. Fixed Stack overflow vulnerability. Thanks to Jixing Wang (@chamd5) contribution.
9. Fixed information disclosure vulnerability .Thanks to CataLpa from DBappSecurity Co.,Ltd
Hatlab and 360 Alpha Lab contribution.
10.Fixed XSS vulnerability
11.Fixed SQL injection vulnerability
12.Fixed PLC path traversal vulnerability
13.Fixed Stack overflow vulnerability
Thanks to HP of Cyber Kunlun Lab
Please unzip the firmware file first then check the MD5 code.
MD5:eb76e99e0044ae494567b2107ae14b6f
- Fixed GUI bug
Please unzip the firmware file first then check the MD5 code.
MD5: 7223f4dc79dadde37835b90dc7fe0def
1.Fixed the FragAttack vulnerability.
2.Fixed DoS vulnerability. Thanks for Tsinghua University NISL's contribution.
3.Improved system stability.
4.Fixed GUI bugs.
5.Security Fixed: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please unzip the firmware file first then check the MD5 code.
MD5: d5a0acb8cabcf912680f455025aedc7d
Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to "Method 2: Update Manually" in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 75fe5cd89394e41d177f423d0d991bc2
1. Fixed Let’s Encrypt not working properly.
2. Added IPTV supports for specific region.
3. Fixed parental control issues.
4. Fixed pre-auth RCE chain through arbitrary file write, special thanks for Robert Chen's contribution
This firmware add more security protection for configuration.
If you want to manually downgrade to previously version, please reset the router to default after downgraded.
Please unzip the firmware file first then check the MD5 code.
MD5: 97e1195fa52299f874f44fb337ed60c7
New Feature
1. AiMesh 2.0
- System optimization: one click in AiMesh to optimize the topology
- System Ethernet backhaul mode, all nodes will only connect by ethernet, all bands will be released for wireless clients.
- System factory default and reboot.
- Client device reconnect, make the device to offline and online again.
- Client device binding to specific AP.
- Guest WiFi on all Mesh nodes (all node need to upgrade to 3.0.0.4.386 firmware)
- Access nodes USB application.
Connection priority and Ethernet backhaul mode introduction
https://www.asus.com/support/FAQ/1044184
How to setup ASUS AiMesh or ZenWiFi Mesh Ethernet backhaul under different conditions
https://www.asus.com/support/FAQ/1044151/
2. New Family interface in ASUS router App.
ASUS Router App for iOS must greater or equal to iOS v1.0.0.5.75
Android version greater or equal to v1.0.0.5.74
3. The unit of the WiFi time scheduler goes to 1 minute.
4. 2.4 and 5G on the network map could be configured in the same tab.
5. Captcha for login can be disabled in administration -> system.
6. Printer server port can be disabled on the USB app page.
7. Clients which connect to the guest network can be viewed in the network map -->view list --> interface
Please unzip the firmware file first then check the MD5 code.
MD5: 6d9ea61699a985645d83edf0b415476a
- Fixed RCE vulnerability.
Please unzip the firmware file first then check the MD5 code.
MD5: 801853d717df8323ca56a4c6ccff968a
- Fixed multi language issues
Please unzip the firmware file first then check the MD5 code.
MD5: ba7ef83a637a9185fff2b336abe2f64b
Security update
- Fixed CVE-2020-12695 (CallStranger)
- Fixed Reflected XSS vulnerability.
- Fixed Directory traversal vulnerability.
- Fixed CVE-2017-15653.
The update server transport layer security was upgraded and the old protocol was removed.
If your router firmware version is lower than 3.0.0.4.385.20253, please refer to the "Update Manually" section in https://www.asus.com/support/FAQ/1008000 to update the firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 011ea1c128d797ec7968f4b3fa94a1df
- Fixed Let's encrypt certification renew bugs.
- Improved web history page loading speed.
- Fixed OpenVPN related bugs
Please unzip the firmware file first then check the MD5 code.
MD5: f3b5a7acd2e694ee80d47d3a259dff07
- Improved connection stability.
- Optimized CPU utilization.
- Fixed some UI bugs.
- Fixed login bugs.
- Support router certificate export. After import the certificate to the computer you will not see the warning message when login with https.Please refer to https://www.asus.com/us/support/FAQ/1034294/
Please unzip the firmware file first and then check the MD5 code.
MD5: 2423b6e882ff82ce8638e7f13893f5b4
1. Update Adaptive QoS categories: Help you to prioritize the mission-critical applications
Those people who work-from-home & learn-from-home will greatly benefit from this new feature with optimized streaming experiences.
New Supported Categories & Apps:
- Video conferencing, including Microsoft Teams®, ZOOM®, Skype®, Google Hangouts®, BlueJeans®
- Online learning, including Khan academy®, Udemy®, Coursera®, TED®, VIPKiD®, 51Talk®, XDF®, Xueersi®
- Streaming, including YouTube®, Netflix®, HBO NOW®, Amazon Prime Video®, Disney+®, ESPN®, MLB.com®, iQIY®
- Indoor training, including Zwift®, Peloton®, Onelap®
Stay tuned and more apps are coming to the list soon!
2. Support Mobile Game Mode
- One-click prioritizing your mobile device to the highest and ensure you the best mobile gaming experiences.
- Install/Update ASUS Router App (Android supports later than 1.0.0.5.44; iOS supports later than 1.0.0.5.41)
Please unzip the firmware file first and then check the MD5 code.
MD5: ffcdbf2a16c677f1a8068f7c1e4cb466
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
Please unzip the firmware file first then check the MD5 code.
MD5: 5c928d4e1e39da39170633793acc78e1
- Fixed the firmware update problem in some special conditions.
- Fixed UI bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 272c8798b7d2093b0f398b1780ac52a9
- Improved wireless stability
Please unzip the firmware file first then check the MD5 code.
MD5: f1562520129ef1f00a242250971bf3f3
- Fixed firmware update issues.
Please unzip the firmware file first then check the MD5 code.
MD5: 08d9267b41e4591beff49e4a78c15670
- Fixed a DDoS vulnerability.
- Fixed Let's Encrypt related bugs.
- Fixed folder creating bugs in Samba.
- Fixed dual wan failover bugs while the primary wan type is L2TP.
Please unzip the firmware file first then check the MD5 code.
MD5: d4b05802468b71f7510c3daeaa7fed4d
Security fix
- Fixed a DDoS vulnerability. Thanks for Altin Thartori's contribution.
Bugfix
- Fixed EU 5GHz SSID disappear problems in EU model.
- Fixed Network map client list issues.
- Fixed block internet access problem when clients connected to AiMesh node
- Fixed Samba server compatibility issue.
- Fixed OpenVPN related bugs.
- Fixed schedule reboot bugs.
- Improved AiMesh compatibility.
- Improved system stability.
Please unzip the firmware file first then check the MD5 code.
MD5: 5afa4e16025a03239817d36c1604c04d
- Fixed DDoS vulnerability.
- Fixed AiCloud vulnerability. Thanks for Matt Cundari's contribution.
- Fixed command injection vulnerability. Thanks for S1mba Lu's contribution.
- Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga's contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 86e4354536e6a11b2f7a02936094482a
Bug Fix
- Fixed browser no response problem when enabled Traffic analyzer.
- Fixed VLAN bug for Movistar.
- Fixed the problem which causes lots of SQUASHFS error in system log.
Please unzip the firmware file first then check the MD5 code.
MD5: 1029c47675545caca1723b0a53ac6956
Security Fix
- Fixed CVE-2018-20334
- Fixed CVE-2018-20336
- Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
- Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International's contribution.
Bug Fix
- Fixed AiMesh LAN IP issue when router using IPv6 WAN.
- Fixed AIMesh connection issues.
- Fixed Network Map related issues.
- Fixed Download Master icon disappear issue.
- Fixed LAN PC cannot find router name in My Network Places when enabling Samba service.
- Fixed LAN LED not blinking problem.
Please unzip the firmware file first then check the MD5 code.
MD5: ce1dc4c44b042a452ff368c20ae0dc53
AiMesh
- Improved AiMesh stability
- Lyra, Lyra Mini, and Lyra Trio can be added as AiMesh node into RT-AC68 series model network.
Please refer to https://www.asus.com/support/FAQ/1038071 for more detail.
Security
- Fixed CVE-2018-14710, CVE-2018-14711, CVE-2018-14712, CVE-2018-14713, CVE-2018-14714. Thanks for Rick Ramgattie's contribution.
- Fixed AiCloud/ Samba account vulnerability. Thanks for Matthew Cundari's contribution.
- Fixed DoS vulnerability. Thanks for Ruikai Liu's contribution.
- Fixed CVE-2018-17020, CVE-2018-17021, CVE-2018-17022.
- Fixed stored XSS vulnerability. Thanks for Duda Przemyslaw's contribution.
- Updated OpenSSL library.
Bug fixes and improvement
- Improved wireless stability.
- Modified “Dual Wan” user interface.
- Modified “Port Forwarding” user interface.
- Modified “Restore” user interface.
- Fixed GUI bugs on user feedback page.
- Fixed “Adaptive QoS” bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: b14c93ea7c5ebbde8270f4ee5a76a36e
Fixed WIFI stability issue.
Please unzip the firmware file first then check the MD5 code.
MD5: 1fd079bd8633106f41a0395fb45c2758
AiMesh new features
- Supported creating mesh system with new router, BlueCave.
- Added Roaming block list in Advanced Settings --> Wireless.
You can add devices into block list and this device will not be roamed between AiMesh nodes.
- Supported ethernet onboarding. User can use ethernet cable.
You can use ethernet cable to connect AiMesh router LAN port and AiMesh node WAN port first and run the adding node process to build the mesh system.
Security fixes.
- Fixed Reflected XSS vulnerability.
- Fixed CSRF vulnerability.
- Fixed command injection vulnerability.
- Fixed stack buffer overflow vulnerability.
Thanks for Rick Ramgattie contribution.
Fixed USB hard drive over 2TB compatibility issues.
Fixed Samba/FTP folder permission issues.
Added USB3.0/2.0 mode switch setting in Administration --> System --> USB Settings.
Please unzip the firmware file first then check the MD5 code.
MD5: 665734b95c47f43c53804ca0c574013f