v2.0.7 wrote:FIXED/CHANGED
- Connection with netonix manager works with manager version 1.0.18 or greater
ENHANCEMENTS
KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help - please private message Stephen Copeland to help
Released 10/1/2021
v2.0.7 Bug Reports and Comments - WS3 Firmware
-
Stephen - Employee
- Posts: 952
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 77 times
- Been thanked: 164 times
v2.0.7 Bug Reports and Comments - WS3 Firmware
-
mayheart - Experienced Member
- Posts: 125
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 31 times
- Been thanked: 33 times
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
Even with a device name set under configuration, SNMP still responds with "netonix_switch" from the sysName OID.
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
Well this ones a security risk, details:
Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.
Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials
Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.
I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.
Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.
Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials
Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.
I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.
-
mayheart - Experienced Member
- Posts: 125
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 31 times
- Been thanked: 33 times
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
Garnet wrote:Well this ones a security risk, details:
Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.
Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials
Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.
I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.
Can confirm this bug works.
-
Hightech - Member
- Posts: 33
- Joined: Wed Mar 11, 2015 3:15 pm
- Has thanked: 2 times
- Been thanked: 5 times
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
We just installed our first WS3-14-600-AC upgraded from a WS2-24-400A but there is something wrong with the trafic reporting in the web interface it report up to 3,5 Gbps on a 1 GB port... my guess it is a factor 10X to mouch?!
so my guess it is 350Mbps and not 3,5 Gbps trafic
Br.
Carsten
so my guess it is 350Mbps and not 3,5 Gbps trafic
Br.
Carsten
-
mayheart - Experienced Member
- Posts: 125
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 31 times
- Been thanked: 33 times
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
I've confirmed the "error saving configuration" problem is caused by the security bug Garnet reported.
If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.
If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.
-
mayheart - Experienced Member
- Posts: 125
- Joined: Thu Jan 15, 2015 1:42 pm
- Location: Canada
- Has thanked: 31 times
- Been thanked: 33 times
Re: v2.0.7 Bug Reports and Comments - WS3 Firmware
Any update on when this severe security bug will be fixed?
7 posts
Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 12 guests