ASUS ZenWiFi XD6 – Official Thread ASUS ZenWiFi XD6 Latest Firmware Version 3.0.0.4.388_23773 2023/08/11 Security: Fixed command injection vulnerabilities Fixed remove ookla-IPQ956X Fixed vulnerability in command injection after authentication Fixed XSS potentially via malformed hostname...

[UK Sentinel]

 

ASUS ZenWiFi XD6 Latest Firmware Version 3.0.0.4.388_23773

2023/08/11

Security:
Fixed command injection vulnerabilities
Fixed remove ookla-IPQ956X
Fixed vulnerability in command injection after authentication
Fixed XSS potentially via malformed hostname in DHCP request
Fixed Fixed Stored Cross Site Scriptin
Fixed XSS attack via EXT3 USB in foldername
Fixed ping ‘-c’ parameter in administration Network Tools is validated only on client side

Feature:
Fixed AiMesh related bugs.
Fixed minor GUI bugs.
Fixed bugs of Hinet MOD mesh IPTV.

https://www.asus.com/uk/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios/?model2Name=ASUS-ZenWiFi-XD6

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

Liked by:

You need to login in order to vote

[citylightwalrus]

ASUS ZenWiFi XD6 Series (XD6/XD6S) Firmware version 3.0.0.4.388_23813
Version 3.0.0.4.388_23813
73.79 MB
2024/10/21

1. Optimized memory management mechanisms, improving system efficiency and stability.
2. Strengthened input validation and data processing workflows, further protecting your information security.
3. Improved web rendering engine, enhancing browsing experience and security.
4. Enhanced security of system command processing to guard against potential malicious operations.
5. Perfected JavaScript-related security mechanisms, offering a more secure web interaction environment.

Please unzip the firmware file, and then verify the checksum.
SHA256: 68279764f847e555b8409e77e1d6ad8925dd02a4324c4bbfa66b2e1bea0f75bd

https://www.asus.com/uk/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios?model2Name=ASUS-ZenWiFi-XD6

Share the knowledge

Liked by:

You need to login in order to vote

[UK Sentinel]

Great news about this new firmware release for the ASUS ZenWiFi XD6 

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[UK Sentinel]

ASUS ZenWiFi (XD6/XD6S) Firmware version 3.0.0.4.388_25541

2026/01/15

 

Security Enhancements:
-Strengthened input validation and data processing workflows to further protect information security.
-Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
-Enhanced device security through improved buffer handling in connection features.
-Refined data handling processes, ensuring secure and accurate information management.
-Enhanced file access control mechanisms, promoting a more secure operating environment.
-Strengthened certificate protection, providing enhanced data security.
-Enhanced input parameter handling techniques to improve data processing stability and system security.
-Password Policy Upgrade – Minimum of 10 characters, including at least one letter, one digit, and one special character; disallows consecutive identical characters; hardens defense against brute-force attacks.
-HTTPS on 8443 – Management interface now served over TLS by default.
-UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
-AiCloud Authentication Hardening (CWE-287) – Added layered verification.
-Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
-Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
-Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
-Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
-Detailed Audit Trails – Expanded logging within the authentication module.
-Enhance system access control mechanisms.
-Addressed multiple security weaknesses in AiCloud service by enforcing strict credential verification, implementing robust file path validation, and hardening command execution logic to prevent unauthorized access and manipulation of system resources.

Bug Fixes and Enhancements:
-Fixed the UI compatibility issue with the Chrome browser update.
-Improved compatibility with IoT devices on WPA2/WPA3 networks.
-Fixed client binding issues in Mesh scenarios.
-Enhanced input validation and refactored legacy string handling routines to ensure robust memory management.
-Implemented comprehensive validation and expanded command filtering in the web history API.
-Fixed a privilege escalation vector in the IFTTT token exchange mechanism.
-Strengthened input validation and directory handling in the VPN configuration upload interface.
-Fixed an issue that allowed certain user settings to be bypassed, improving overall user control and protection.
-Stability enhancements.

https://www.asus.com/uk/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-xd6/helpdesk_bios?model2Name=ASUS-ZenWiFi-XD6

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Author]

Posts