Home => Asus router firmware
|[Formatted for Printing]||From the personal web site of Michael Horowitz|
Created: May 11, 2021
Updated: June 24, 2021
So, I am updating the firmware on an Asus RT-AC1900P router and it does not go well. The whole experience underlined my already-held opinion, that consumer routers, as a class, should be avoided.
The RT-AC1900P is not a new model, but neither is it ancient. It is still being sold, though not widely, for about $140 US dollars.
The user interface, shown below, is simple enough. At Administration -> Firmware Update, there is a black Check button.
Click the button and it tries to contact an Asus server.
Note that I said "tried". As shown below, this failed with the error "The router cannot connect to ASUS server to check for the firmware update."
I tried this on two days and it failed on each. I also tried it using two different versions of the firmware. Each one failed. What server is it trying to contact? None of my business. I might be able to figure out the problem, if only Asus bothered to mention the server name or IP address.
Still, this is neither fatal, nor blog-worthy. It's just an annoyance.
So, off to asus.com to find the available downloads for the RT-AC1900P (FI: Asus being Asus, the firmware downloads are in a section called Drivers and Tools). This is where the story gets interesting.
Below you see the two most recent firmware releases for the router. Normally, we only care about the latest firmware release but there is something unusual about the newest firmware - its not fully baked. In techie terms, it is a Beta release.
For those of you who are not techies, Beta means buggy and not well tested. As in, "it might work well ... or it might not". Under normal circumstances, Beta software is only for techies willing to expose themselves to trouble.
Beta software is usually short-lived but the Asus firmware (version 184.108.40.206.386.41994) was released on February 1, 2021. As I write this, that is over three months ago. This is far too long. I have to wonder if anyone at Asus is actually testing it. Maybe not, after all, as noted earlier, the router is not new. So, it is tempting to ignore the Beta software and install the prior firmware (version 220.127.116.11.386.41634 released Jan. 18, 2021).
But, there are good reasons to go with the Beta firmware. The description says that it has fixes for DNSmasq vulnerabilities. DNSmasq software is found in many routers, not just from Asus, making it likely target for bad guys. Asus also notes that seven security flaws were fixed in the Beta firmware (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686). Installing the prior release, or any prior release, insures that you are installing these known flaws.
What to do? The choice is between firmware with known bugs or firmware with unknown bugs. Ugh.
I installed the Beta firmware.
After the router restarted, I logged back into it and saw it complaining that the Internet was disconnected. It was not. Maybe this is one of the unknown bugs?
Update: Firmware version 18.104.22.168.386.43129 was released May 21, 2021 with fixes for seven known bugs (aka CVEs).
|@defensivecomput||TOP||Home => Asus router firmware|
|michael--at--michaelhorowitz.com||Last Updated: June 24, 2021 9PM UTC|