[Nicky]

Thank you for checking with ASUS.

My password already complies with the new policy. It will be such a pain to have to reassign all the static routes, redo all static IP addresses, the port forwarding, let alone reconnect the three nodes.

I can just see a whole weekend of expletives and pulling my hair out because I’ve missed some little detail.

You need to login in order to vote

[Nicky]

. UK Sentinel Said:

New ASUS ZenWiFi XT8 (v1) Firmware version 3.0.0.4.388_24753

version 3.0.0.4.388_24753

2025/08/04

 

Important: After installing this firmware, we strongly recommend performing a factory-default reset to activate every new security adjustment.

Security Enhancements:
– Password Policy Upgrade – Minimum 10 characters with at least 1 letter, 1 digit and 1 special symbol, and no consecutive identical characters; hardens defence against brute-force attacks.
– HTTPS on 8443 – Management interface now served over TLS by default.
– UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure.
– AiCloud Authentication Hardening (CWE-287) – Added layered verification.
– Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow.
– Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services.
– Enhanced IPsec Parameter Validation – The existing input checks have been hardened.
– Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways.
– Detailed Audit Trails – Expanded logging within the authentication module.

System Improvements:
– Connection Stability – Core algorithms refined for steadier links.
– Scheduling Accuracy – Timed tasks execute reliably under PPPoE, PPTP and L2TP WAN modes.
– Client List Maintenance – Resolved an issue that prevented offline devices from being removed from the client list.

https://www.asus.com/uk/networking-iot-servers/whole-home-mesh-wifi-system/zenwifi-wifi-systems/asus-zenwifi-ax-xt8/helpdesk_bios?model2Name=ASUS-ZenWiFi-AX-XT8

In a completely sane world, madness is the only freedom (J.G.Ballard).

Do we have to go through all the setup again once we’ve done a factory rest or can we restore the settings from a previous backup?

You need to login in order to vote

[Nicky]

It looks like turning off my AiCloud  has resolved the issue.

Liked by:

You need to login in order to vote

[Nicky]

Good news so far. I disabled my AiCloud but left the DDNS enabled and I’ve not had one lighttpd Tainted error message yet.

Liked by:

You need to login in order to vote

[Nicky]

Sorry I should have given you a straight answer before. No I hadn’t used AiCloud / DDNS before the firmware upgrade, but I had noticed the lighttpd Tainted error messages in previous versions, but didn’t really take much notice because they were very few and far between. However, since this upgrade, my system log has been full of them, there are over 100 occurrences in the log since 09:00 this morning.

I’ll disable the DDNS and AiCloud, clear the system log and get back to you with the results.

 

Liked by:

You need to login in order to vote

[Nicky]

I have just rebooted my Virgin Media MoDem and it looks as if that’s fixed the connection issue, but I’m still getting the  lighttpd Tainted reported in the system log.

You need to login in order to vote

[Nicky]

I’ve just power cycled the router and I now have web access via the DDNS, but it’s not accepting my login credentials.

You need to login in order to vote

[Nicky]

I tried logging in via AiCloud and it wouldn’t let me in with my credentials, so I deregistered and re-registered successfully with a new DDNS name. The top box under Network Map is showing “Internet Status Connected” with the newly registered DDNS name and the Let’s Encrypt Server Certificate showing as Active (with the same DDNS name), but when I try to login via the web browser I get the “Hmmm… can’t reach this page” ?

 

You need to login in order to vote

[Nicky]

I’ve just checked and QTS is off.

You need to login in order to vote

[Nicky]

Anyone know why I’m getting “kernel: CPU: 2 PID: 15279 Comm: lighttpd Tainted: P O 4.1.52 #2” messages in my system log (log attached)?

It started happening after I updated the firmware yesterday.

• This reply was modified 1 year, 3 months ago by Nicky.

Attachments:

1. syslog.txt

You need to login in order to vote

[Nicky]

It looks like a new firmware upgrade is rolling out.

 

Firmware version 3.0.0.4.388_24709
– Release Note –

New Add:
– WPA Encryption Settings Update. Added new configuration options for WPA encryption, including the option to select AES for improved client compatibility.
This setting can be found under “Network > Main Network”.

Bug Fixes and Enhancements:
– Addressed potential irregularities in AiProtection.
– Corrected the issue where the wireless network settings page disappears in AP mode on the WebGUI.
– Enhanced AiCloud password protection mechanisms, safeguarding against unauthorized access attempts.
– Enhanced input parameter handling techniques to improve data processing stability and system security.
– Enhance system access control mechanisms.
– Enhanced security of system command processing to guard against potential malicious operations.
– Fixed compatibility issues with older models, preventing WiFi malfunctions after SDN settings.
– Fixed connectivity issue with Apple wireless devices.
– Fixed an issue that could lead to system failures following a reboot.
– Fixed the malfunction of the “Prefer AP” feature.
– Fixed the issue where devices do not appear in the client list after connecting to the ASUS router.
– Fixed UI issues during VPN file export.
– Improved AiMesh backhaul stability.
– Improved web rendering engine, enhancing browsing experience and security.
– Optimized memory management mechanisms, improving system efficiency and stability.
– Optimized stability and efficiency of the AiMesh system.
– Perfected JavaScript-related security mechanisms, offering a more secure web interaction environment.
– Resolved LAN device disconnections after SDN configuration.
– Strengthened input validation and data processing workflows, further protecting your information security.

Liked by:

You need to login in order to vote

[Nicky]

I just got the notification of an update to ” 3.0.0.4.388_24688-gf94212b”. I bit the bullet, now lets see.

Anyway, I thought they were going to include monthly reboots in the next update?

Liked by:

You need to login in order to vote

[Nicky]

. Nicky Said:

Well I updated to 3.0.0.4.388_24684 (v1 flavour) about 8 hours ago. The only issue I had was with some of my 2.4G devices not reconnecting, so I just turned off the 2.4G radio for a few seconds, turned it back on and everything came back up. I can’t report on any node issues because mine are all hard wired.

Now let’s see if it holds up.

It’s been over 2 days and nothing untoward. It looks like a stable update for me.

1

Share

Liked by:

You need to login in order to vote

[Nicky]

Well I updated to 3.0.0.4.388_24684 (v1 flavour) about 8 hours ago. The only issue I had was with some of my 2.4G devices not reconnecting, so I just turned off the 2.4G radio for a few seconds, turned it back on and everything came back up. I can’t report on any node issues because mine are all hard wired.

Now let’s see if it holds up.

Liked by:

You need to login in order to vote

[Nicky]

. UK Sentinel Said:

If you were using AiMesh wireless backhaul nodes, then there could be the possibility that after scheduled reboot, the AiMesh nodes may not rejoin.

As you are hardwired backhaul, then this is less likely.

FWIW: I schedule/plan a reboot once a month just to ensure all connections and throughput are crisp as we have a gaming and partial work from home household.

Pro-Active rather than Re-Active

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Author]

Posts