v2.0.7 Bug Reports and Comments - WS3 Firmware

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
Stephen
Employee
Employee
 
Posts: 952
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 77 times
Been thanked: 165 times

v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Oct 01, 2021 3:07 pm

v2.0.7 wrote:FIXED/CHANGED
- Connection with netonix manager works with manager version 1.0.18 or greater

ENHANCEMENTS

KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help - please private message Stephen Copeland to help

Released 10/1/2021

User avatar
mayheart
Experienced Member
 
Posts: 136
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 33 times
Been thanked: 34 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Wed Mar 23, 2022 5:24 pm

Even with a device name set under configuration, SNMP still responds with "netonix_switch" from the sysName OID.

Garnet
Member
 
Posts: 68
Joined: Wed Jun 02, 2021 9:29 am
Has thanked: 2 times
Been thanked: 1 time

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Mar 25, 2022 11:17 am

Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.

User avatar
mayheart
Experienced Member
 
Posts: 136
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 33 times
Been thanked: 34 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Mar 25, 2022 9:16 pm

Garnet wrote:Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.


Can confirm this bug works.

User avatar
Hightech
Member
 
Posts: 33
Joined: Wed Mar 11, 2015 3:15 pm
Has thanked: 2 times
Been thanked: 5 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Apr 01, 2022 10:27 am

We just installed our first WS3-14-600-AC upgraded from a WS2-24-400A but there is something wrong with the trafic reporting in the web interface it report up to 3,5 Gbps on a 1 GB port... my guess it is a factor 10X to mouch?!
so my guess it is 350Mbps and not 3,5 Gbps trafic

Br.
Carsten

User avatar
mayheart
Experienced Member
 
Posts: 136
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 33 times
Been thanked: 34 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Apr 08, 2022 4:22 pm

I've confirmed the "error saving configuration" problem is caused by the security bug Garnet reported.

If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.

User avatar
mayheart
Experienced Member
 
Posts: 136
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 33 times
Been thanked: 34 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Thu May 19, 2022 12:39 pm

Any update on when this severe security bug will be fixed?

Garnet
Member
 
Posts: 68
Joined: Wed Jun 02, 2021 9:29 am
Has thanked: 2 times
Been thanked: 1 time

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Aug 12, 2022 11:10 am

As Netonix has had several months to at the very least follow up on this severe security bug and has not my company will be filing it as a CVE. We are well passed the responsible disclosure date for what is most likely a one line code change to fix a very real security hole.

User avatar
Dave
Employee
Employee
 
Posts: 678
Joined: Tue Apr 08, 2014 6:28 pm
Has thanked: 1 time
Been thanked: 146 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Aug 12, 2022 12:50 pm

new ws3 RC code was released last night from developer....is planned on being released next week after some testing ....all known issues have been resolved...

michaeln416
Member
 
Posts: 28
Joined: Sun Oct 30, 2016 10:40 am
Has thanked: 2 times
Been thanked: 6 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Wed Aug 24, 2022 5:10 pm

Dave wrote:new ws3 RC code was released last night from developer....is planned on being released next week after some testing ....all known issues have been resolved...


This is great news. Looking forward to installing it and testing it here.

Return to Hardware and software issues

Who is online

Users browsing this forum: mayheart and 6 guests