ASUS has just released a hefty update for the RT-AC87U router. It includes quite a long list of security fixes as well as bug fixes and new features. It’s highly recommended to update it!
ASUS RT-AC87U Firmware version 3.0.0.4.382.50010
Security fixed
- Fixed KRACK vulnerability
- Fixed CVE-2017-14491: DNS – 2 byte heap based overflow
- Fixed CVE-2017-14492: DHCP – heap based overflow
- Fixed CVE-2017-14493: DHCP – stack based overflow
- Fixed CVE-2017-14494: DHCP – info leak
- Fixed CVE-2017-14495: DNS – OOM DoS
- Fixed CVE-2017-14496: DNS – DoS Integer underflow
- Fixed CVE-2017-13704: Bug collision
- Fixed predictable session tokens (CVE-2017-15654), logged user IP validation (CVE-2017-15653), logged-in information disclosure (special thanks for Blazej Adamczyk’s contribution)
- Fixed web GUI authorization vulnerabilities.
- Fixed AiCloud XSS vulnerabilities
- Fixed XSS vulnerability. Thanks for Joaquim’s contribution.
- Fixed LAN RCE vulnerability. An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
- Fixed remote code execution vulnerability. Thanks to David Maciejak of Fortinet’s FortiGuard Labs
- Fixed Smart Sync Stored XSS vulnerabilities. Thanks for Guy Arazi’s contribution.
- Fixed CVE-2018-5721 Stack-based buffer overflow.
New features
- HDD Hibernation
- URL filter black/white list
- Bandwidth limiter on guest network
- URL filter support https website
Bug fixed
- Fixed CTF related issues
- Fixed AiCloud smart sync issue.
- Fixed client icon modification issue when client name includes special characters.
- Fixed AiCloud smart sync problem.
Grab it here:
https://www.asus.com/us/Networking/RTAC87U/HelpDesk_BIOS/