Michael Horowitz
Home => Asus router firmware
[Formatted for Printing] From the personal web site of  Michael Horowitz

Asus router firmware: How do you prefer your bugs? New or Old?

Created: May 11, 2021
Updated: June 24, 2021

So, I am updating the firmware on an Asus RT-AC1900P router and it does not go well. The whole experience underlined my already-held opinion, that consumer routers, as a class, should be avoided.

The RT-AC1900P is not a new model, but neither is it ancient. It is still being sold, though not widely, for about $140 US dollars.

The user interface, shown below, is simple enough. At Administration -> Firmware Update, there is a black Check button.

Updating firmware on an Asus router
 Updating firmware on an Asus router 

Click the button and it tries to contact an Asus server.

Checking for new firmware
 Checking for new firmware . . .  

Note that I said "tried". As shown below, this failed with the error "The router cannot connect to ASUS server to check for the firmware update."

The check for new firmware fails
 The check for new firmware fails 

I tried this on two days and it failed on each. I also tried it using two different versions of the firmware. Each one failed. What server is it trying to contact? None of my business. I might be able to figure out the problem, if only Asus bothered to mention the server name or IP address.

Still, this is neither fatal, nor blog-worthy. It's just an annoyance.

So, off to asus.com to find the available downloads for the RT-AC1900P (FI: Asus being Asus, the firmware downloads are in a section called Drivers and Tools). This is where the story gets interesting.

Below you see the two most recent firmware releases for the router. Normally, we only care about the latest firmware release but there is something unusual about the newest firmware - its not fully baked. In techie terms, it is a Beta release.

Available firmware for the RT-AC1900P
 Available firmware for the RT-AC1900P 

For those of you who are not techies, Beta means buggy and not well tested. As in, "it might work well ... or it might not". Under normal circumstances, Beta software is only for techies willing to expose themselves to trouble.

Beta software is usually short-lived but the Asus firmware (version 9.0.0.4.386.41994) was released on February 1, 2021. As I write this, that is over three months ago. This is far too long. I have to wonder if anyone at Asus is actually testing it. Maybe not, after all, as noted earlier, the router is not new. So, it is tempting to ignore the Beta software and install the prior firmware (version 3.0.0.4.386.41634 released Jan. 18, 2021).

But, there are good reasons to go with the Beta firmware. The description says that it has fixes for DNSmasq vulnerabilities. DNSmasq software is found in many routers, not just from Asus, making it likely target for bad guys. Asus also notes that seven security flaws were fixed in the Beta firmware (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686). Installing the prior release, or any prior release, insures that you are installing these known flaws.

What to do? The choice is between firmware with known bugs or firmware with unknown bugs. Ugh.

I installed the Beta firmware.

After the router restarted, I logged back into it and saw it complaining that the Internet was disconnected. It was not. Maybe this is one of the unknown bugs?

Update: Firmware version 3.0.0.4.386.43129 was released May 21, 2021 with fixes for seven known bugs (aka CVEs).

 

 

 @defensivecomput TOP Home => Asus router firmware   
 michael--at--michaelhorowitz.com   Last Updated: June 24, 2021 9PM UTC  
  License Plate
Copyright 2001-2021
Copyright 2001-2021  
Printed at:   September 27, 2021 1:31pm   ET
Viewed 3,026 times since May 11, 2021 (22/day over 139 days)