v2.0.7 Bug Reports and Comments - WS3 Firmware

DOWNLOAD THE LATEST FIRMWARE HERE
User avatar
Stephen
Employee
Employee
 
Posts: 952
Joined: Sun Dec 24, 2017 8:56 pm
Has thanked: 77 times
Been thanked: 164 times

v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Oct 01, 2021 3:07 pm

v2.0.7 wrote:FIXED/CHANGED
- Connection with netonix manager works with manager version 1.0.18 or greater

ENHANCEMENTS

KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help - please private message Stephen Copeland to help

Released 10/1/2021

User avatar
mayheart
Experienced Member
 
Posts: 125
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 31 times
Been thanked: 33 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Wed Mar 23, 2022 5:24 pm

Even with a device name set under configuration, SNMP still responds with "netonix_switch" from the sysName OID.

Garnet
Member
 
Posts: 67
Joined: Wed Jun 02, 2021 9:29 am
Has thanked: 2 times
Been thanked: 1 time

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Mar 25, 2022 11:17 am

Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.

User avatar
mayheart
Experienced Member
 
Posts: 125
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 31 times
Been thanked: 33 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Mar 25, 2022 9:16 pm

Garnet wrote:Well this ones a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.


Can confirm this bug works.

User avatar
Hightech
Member
 
Posts: 33
Joined: Wed Mar 11, 2015 3:15 pm
Has thanked: 2 times
Been thanked: 5 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Apr 01, 2022 10:27 am

We just installed our first WS3-14-600-AC upgraded from a WS2-24-400A but there is something wrong with the trafic reporting in the web interface it report up to 3,5 Gbps on a 1 GB port... my guess it is a factor 10X to mouch?!
so my guess it is 350Mbps and not 3,5 Gbps trafic

Br.
Carsten

User avatar
mayheart
Experienced Member
 
Posts: 125
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 31 times
Been thanked: 33 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Fri Apr 08, 2022 4:22 pm

I've confirmed the "error saving configuration" problem is caused by the security bug Garnet reported.

If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.

User avatar
mayheart
Experienced Member
 
Posts: 125
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 31 times
Been thanked: 33 times

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Thu May 19, 2022 12:39 pm

Any update on when this severe security bug will be fixed?

Return to Hardware and software issues

Who is online

Users browsing this forum: Google [Bot] and 12 guests