ASUS RT-AC87U AsusWrt-Merlin Firmware 384.5.0
The AsusWrt-Merlin firmware was developed with the primary goal of boosting the original ASUS firmware, fix bugs and also add new improvements. This package includes a customized firmware targeted at ASUS routers that brings various changes without modifying the interface of the original firmware.
Changes:
— NEW: Merged withh GPL 384_20648
— NEW: Merged RT-AC68U, RT-AC5300 binary blobs from 384_20648
— NEW: Merged RT-AC86U SDK and binary blobs from 384_20648
— NEW: service-event script, executed before any service call is made. First argument is the event (typically stop, start or restart), second argument is the target (wireless, httpd, etc. ). Note that this script will block the execution of the event until it returns.
— NEW: Added USB HID modules (for use with devices such as UPS)
— NEW: Added ip6tables-save command.
— CHANGED: Updated OpenVPN to 2.4.6.
— CHANGED: Updated Dropbear to 2018.76.
— CHANGED: Updated Openssl to 1.0.2o.
— CHANGED: Updated miniupnpd to version 2.1 (20180508).
— CHANGED: Updated nano to 2.9.5.
— CHANGED: Moved RT-AC86U to the same Busybox version (1.25.1) as other models.
— CHANGED: Removed option to resolve names on the Log -> Connections page. That functionality was added to the Network Tools -> Netstat page instead.
— CHANGED: Re-designed Log -> Connections page into a table with sortable fields- click on a column header to sort on that field.
— CHANGED: From now on, setting the router to act as a master browser or a WINS server will also require you to enable sharing. This will ensure that users understand that enabling either of these settings requires disk sharing to also be enabled (which it was already silently doing before).
— CHANGED: Moved «Beta firmware» option to the Tools -> Other Settings page
— CHANGED: Improved layout of the Firmware Update page
— CHANGED: WPAD behaviour (sending a carriage return on DHCP option 252) can now be controlled in the Tweaks section.
— CHANGED: Blocking custom scripts such as service-event and pre-mount will now wait a maximum of 120 seconds before resuming normal operations, to prevent accidental lockouts.
— CHANGED: Autofill start/end time for DST when selecting a timezone (LostFreq)
— FIXED: Some dnsmasq issues related to DNSSEC were fixed, including CVE-2017-15107. (backported from dnsmasq 2.79 by John Bacho)
— FIXED: Restoring an OpenVPN instance to default values would fail to disable its Start with WAN setting.
— FIXED: Hardware authentication failure for the RT-AC3100 and RT-AC5300.
— FIXED: Minidlna web status page could no longer be enabled.
— FIXED: CVE-2017-9022, CVE-2017-9023 and CVE-2017-11185 in Strongswan (odkrys)
— FIXED: Various issues with download traffic in Traditional QoS (Cédric Dufour)
— FIXED: TCP timeout values couldn’t be changed on the Tools -> Other Settings page.
— FIXED: Security issue related to webui logging in (Asus bug)
CHANGED: Revised OpenVPN server options:
— Removed «TLS Reneg time» (rarely used, can manually be set as a custom option)
— Removed «Server Poll» (which didn’t work properly), and reimplemented watchdog service, hardcoded to 2 mins frequency.
— Removed «Push LAN» and «Redirect Gateway», replaced with new Client Access setting
— Removed Firewall setting (firewall rules are now always created, and the broken External mode was fixed and integrated into the new Client Access setting). You can now use the postconf script to override it.
— Removed option to respond to DNS queries- enabling the option to Push DNS will also handle it
— Added new Client Access setting to select between three types of access: LAN only, WAN only (will block access to the LAN, including the router itself) and LAN + WAN.
— Keys and certificates can now be up to 7999 characters long.
CHANGED: Revised OpenVPN client options:
— Reorganized settings into groups
— Removed «Poll Interval» (which didn’t work properly), and reimplemented watchdog service, with a hardcoded frequency of 2 mins.
— Removed Firewall setting (firewall rules are now always created). You can now use the postconf script to override it.
— Modified behaviour of Connection Retry. Instead of taking a value in seconds that only affected resolution failure, it now takes a number of attempts, and affects connection failures. Resolution failures will now retry for an infinite period of time (the default OpenVPN value).
— Added «refresh» link which can be clicked to re-query the public IP endpoint of the tunnel
— Keys and certificates can now be up to 7999 characters long.
Installation Notes:
— This custom firmware can be applied like any regular update.
— You should not need to reset to factory defaults.
— You can revert back to an original ASUS firmware at any time.
— Do not load a saved copy of your settings.
About Router Firmware:
Before you consider downloading this firmware, go to the system information page of the router and make sure that the currently installed version isn’t either newer or matching this release.
Due to the large variety of router models and different methods for upgrading the device, it is highly recommended that you read and, above all, understand the installation steps before you apply the new firmware, even if you are a power user.
In theory, these steps shouldn’t be much of a hassle for anyone, because manufacturers try to make them as easy as possible, even if they don’t always succeed. Basically, you must upload the new firmware to the router through its administration page and allow it to upgrade.
If you install a new version, you can expect increased security levels, different vulnerability issues to be resolved, improved overall performance and transfer speeds, enhanced compatibility with other devices, added support for newly developed technologies, as well as several other changes.
If you’re looking for certain safety measures, remember that it would be best if you perform the upload using an Ethernet cable rather than a wireless connection, which can be interrupted easily. Also, make sure you don’t power off the router or use its buttons during the installation, if you wish avoid any malfunctions.
If this firmware meets your current needs, get the desired version and apply it to your router unit; if not, check with our website as often as possible so that you don’t miss the update that will improve your device.
RT-AC87U
By registering your device, you can easily manage your product warranty, get technical support and keep track of your repair status.
BIOS & FIRMWARE
Need Help?
1.Fixed the FragAttack vulnerability.
2.Fixed DoS vulnerability. Thanks for Tsinghua University NISL’s contribution.
3.Improved system stability.
4.Fixed GUI bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: daa394b90c87ce1074ed088b01be8207
— Fixed Let’s Encrypt issues
— Security Fixed:
Fixed CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
Please be noted this is a quick fix beta version for DNSmasq vulnerabilities. Refer to «Method 2: Update Manually» in https://www.asus.com/support/FAQ/1008000 to update this firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 39bfbb51d42137bcfd76ed6ee8fe2761
Security update
— Fixed CVE-2020-12695 (CallStranger)
— Fixed Reflected XSS vulnerability.
— Fixed Directory traversal vulnerability.
— Fixed CVE-2017-15653.
The update server transport layer security was upgraded and the old protocol was removed.
If your router firmware version is lower than 3.0.0.4.382.52230, please refer to the «Update Manually» section in https://www.asus.com/support/FAQ/1008000 to update the firmware.
Please unzip the firmware file first then check the MD5 code.
MD5: 8f79df26a9190f6715d2f47de5388df3
— Fixed CVE-2019-15126 (Kr00k) vulnerability.
— Fixed some UI bugs.
— Support router certificate export. After import the certificate to the computer you will not see the warning message when login with https.Please refer to https://www.asus.com/us/support/FAQ/1034294/
Please unzip the firmware file first and then check the MD5 code.
MD5: 6aa2c670b65ab9c872cbf9c3593904a7
— Fixed Let’s encrypt register issues.
— Fixed Network map client list issues.
— Fixed OpenVPN related bugs.
— Fixed schedule reboot bugs.
— Improved system stability.
— Fixed dual wan failover bugs while the primary wan type is L2TP.
Please unzip the firmware file first then check the MD5 code.
MD5: 8c276977dfef51cd7b671fa3e4ff1230
Please unzip the firmware file first then check the MD5 code.
MD5: eaea330e6727c72d5982f71ded71e2a6
— Fixed firmware update notification bugs.
— Fixed dual wan user interface bugs.
Please unzip the firmware file first then check the MD5 code.
MD5: 6f4b101c884fe779548fe9acc3608eec
Security Fix
— Fixed DDoS vulnerability.
— Fixed AiCloud vulnerability. Thanks for Matt Cundari’s contribution.
— Fixed command injection vulnerability. Thanks for S1mba Lu’s contribution.
— Fixed buffer overflow vulnerability. Thanks for Javier Aguinaga’s contribution.
— Fixed CVE-2018-20334
— Fixed CVE-2018-20336
— Fixed null pointer issue. Thanks for CodeBreaker of STARLabs’ contribution.
— Fixed AiCloud buffer overflow vulnerability. Thanks for Resecurity International’s contribution.
Please unzip the firmware file first then check the MD5 code.
MD5: 53a309a4eb1d958aa25960e0c0039278
— Improved system stability.
— Fixed XSS vulnerability. Thanks to Yonghui Han of Fortinet’s FortiGuard Labs.
— Fixed CVE-2018-8877, CVE-2018-8878, CVE-2018-8879
— Fixed plain text password vulnerability in lighthttpd
— Modified Quick Internet Setup wizard process.
— Main SSID and guest network can hide independently.
— Suport multi-langue(UTF-8) network name
— Modified the EULA for DDNS, AiProtection, Adaptive QoS, Traffic Analyzer, Web history, Feedback.
— Added Privacy page in Advanced settings
— Fixed IPv6 bugs
— Modified USB 3.0 related strings.
— Added more protection mechanism for OpenVPN account.
— Limited Web&Apps filter number to 16
* Windows XP and Windows 7 do not support UTF-8 format SSID. These two
OS may see gibberish if using multi-language SSID.
Please unzip the firmware file first then check the MD5 code.
MD5: 73e49de69339502a8e98fa42da8da16c
Security fixed
-Fixed KRACK vulnerability
-Fixed CVE-2017-14491: DNS — 2 byte heap based overflow
-Fixed CVE-2017-14492: DHCP — heap based overflow
-Fixed CVE-2017-14493: DHCP — stack based overflow
-Fixed CVE-2017-14494: DHCP — info leak
-Fixed CVE-2017-14495: DNS — OOM DoS
-Fixed CVE-2017-14496: DNS — DoS Integer underflow
-Fixed CVE-2017-13704 : Bug collision
-Fixed predictable session tokens(CVE-2017-15654), logged user IP validation(CVE-2017-15653), Logged-in information disclosure (special thanks for Blazej Adamczyk contribution)
-Fixed web GUI authorization vulnerabilities.
-Fixed AiCloud XSS vulnerabilities
-Fixed XSS vulnerability. Thanks for Joaquim’s contribution.
-Fixed LAN RCE vulnerability. An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
-Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet’s FortiGuard Labs
-Fixed Smart Sync Stored XSS vulnerabilities. Thanks fo Guy Arazi’s contribution.
-Fixed CVE-2018-5721 Stack-based buffer overflow.
New features
-HDD Hibernation
-URL filter black/white list
-Bandwidth limiter on guest network
-URL filter support https website
Bug fixed
-Fixed CTF related issues
-Fixed AiCloud smart sync issue.
-Fixed client icon modification issue when client name includes special characters.
-Fixed AiCloud smart sync problem.
Please unzip the firmware file first then check the MD5 code.
MD5: 8cebc204c8a5ff71fbb6b76b4828cfe7