v2.0.7 Bug Reports and Comments - WS3 Firmware

[Stephen]

FIXED/CHANGED
- Connection with netonix manager works with manager version 1.0.18 or greater

ENHANCEMENTS

KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help - please private message Stephen Copeland to help

Released 10/1/2021

[mayheart]

Even with a device name set under configuration, SNMP still responds with "netonix_switch" from the sysName OID.

[Garnet]

Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.

[mayheart]

Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.

Can confirm this bug works.

[Hightech]

We just installed our first WS3-14-600-AC upgraded from a WS2-24-400A but there is something wrong with the trafic reporting in the web interface it report up to 3,5 Gbps on a 1 GB port... my guess it is a factor 10X to mouch?!
so my guess it is 350Mbps and not 3,5 Gbps trafic

Br.
Carsten

[mayheart]

I've confirmed the "error saving configuration" problem is caused by the security bug Garnet reported.

If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.

[mayheart]

Any update on when this severe security bug will be fixed?