ASUS RT-AX3000S

Firmware History

1. 3.0.0.4.388_34015

   2026-03-24

   Security Fixes - Enhanced input validation and protection to reduce the risk of command injection and SQL injection. - Hardened environment variable handling. - Hardened protections around specific logging/command composition flows to reduce potential injection risks. - Patched a command injection risk in a specific network diagnostic function. We recommend upgrading to this version to maintain best protection.

   Download from ASUS (opens in new tab)
2. 3.0.0.4.388_33965

   2025-10-20

   - Enhanced system stability. - Enhanced input validation and refactored legacy string handling routines to ensure robust memory management. - Implemented comprehensive validation and expanded command filtering in the web history API. - Strengthened input validation and directory handling in the VPN configuration upload interface. - Fixed an issue that allowed certain user settings to be bypassed, improving overall user control and protection. - Password Policy Upgrade – Minimum of 10 characters, including at least one letter, one digit, and one special character; disallows consecutive identical characters; hardens defense against brute-force attacks. - HTTPS on 8443 – Management interface now served over TLS by default. - UPnP Disabled – Universal Plug and Play starts in the off state for reduced surface exposure. - Authentication Logic Refactor – Removed redundant code paths for a lean sign-in flow. - Memory Safety Guard (CWE-476) – Introduced null-reference protections across critical services. - Enhanced IPsec Parameter Validation – The existing input checks have been hardened. - Data Exposure Mitigation (CWE-200) – Reinforced controls on sensitive pathways. - Detailed Audit Trails – Expanded logging within the authentication module.