
v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Oct 01, 2021 3:07 pm
by Stephen
v2.0.7 wrote:
FIXED/CHANGED
- Connection with netonix manager works with manager version 1.0.18 or greater

ENHANCEMENTS

KNOWN ISSUES
- WEB UI issues when not at 100% Zoom on browser especially on VLAN TAB
- Some language templates need help - please private message Stephen Copeland to help

Released 10/1/2021

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Wed Mar 23, 2022 5:24 pm
by mayheart
Even with a device name set under configuration, SNMP still responds with "netonix_switch" from the sysName OID.

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Mar 25, 2022 11:17 am
by Garnet
Well this one's a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.
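
As an added illustration (not part of Garnet's post and not Netonix firmware code): a small Python model of the bug class the report describes, where only the entry page checks the session, next to a default-deny gate that checks every route. All route names other than /main.html, and all function names, are assumptions made for the example.

```python
import posixpath
from dataclasses import dataclass

# Constructed route table; every path here is an assumption except /main.html.
PAGES = {"/main.html": "configuration UI", "/login": "login form"}
PUBLIC = {"/login"}  # the only content served without a session
LOGIN = "/login"

@dataclass
class Response:
    status: int
    location: str = ""
    body: str = ""

def serve(path):
    body = PAGES.get(path)
    return Response(200, body=body) if body is not None else Response(404)

def normalize(raw):
    """Drop the query string and collapse ./, ../ and repeated slashes."""
    path = raw.partition("?")[0]
    return "/" + posixpath.normpath("/" + path).lstrip("/")

def gate_entry_only(raw, session_valid):
    """Flawed pattern: the session check lives only on the entry page."""
    path = normalize(raw)
    if path == "/":
        return Response(302, "/main.html" if session_valid else LOGIN)
    return serve(path)  # every other path skips the check

def gate_default_deny(raw, session_valid):
    """Hardened pattern: one check in front of every route, public paths allowlisted."""
    path = normalize(raw)
    if path not in PUBLIC and not session_valid:
        return Response(302, LOGIN)
    if path == "/":
        return Response(302, "/main.html")
    return serve(path)

def exposed_without_session(gate, candidates):
    """Return the candidate paths for which a client with no session gets a 200."""
    return [p for p in candidates if gate(p, False).status == 200]

# Constructed request paths used to exercise both gates.
CANDIDATES = ["/", "/main.html", "//main.html", "/login/../main.html",
              "/main.html?x=1", "/login"]

if __name__ == "__main__":
    print("entry-only  :", exposed_without_session(gate_entry_only, CANDIDATES))
    print("default-deny:", exposed_without_session(gate_default_deny, CANDIDATES))
```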

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Mar 25, 2022 9:16 pm
by mayheart
Garnet wrote:
Well this one's a security risk, details:

Switch Model: WS3-14-600-AC
Firmware Version: 2.0.7
Issue: Switch does not require credentials to access web interface and change settings.

Steps to Reproduce:
1. Open a new browser (preferably a private/incognito window to rule out cookies)
2. Navigate to https://WS3_SWITCH_IP/main.html
3. Switch will load the web interface and allow configuration changes
4. Note that going to https://WS3_SWITCH_IP will still ask for credentials

Expected Behaviour: WS3 will redirect browser to login page (e.g. index.php on WS series switches)
Actual Behaviour: WS3 loads configuration page without asking for credentials and allows configuration changes.

I hope we can get a quick fix to this, don't really like the idea of core hardware being wide open.


Can confirm this bug works.

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Apr 01, 2022 10:27 am
by Hightech
We just installed our first WS3-14-600-AC, upgraded from a WS2-24-400A, but there is something wrong with the traffic reporting in the web interface: it reports up to 3,5 Gbps on a 1 GB port... my guess is it is a factor 10X too much?!
So my guess is it is 350Mbps and not 3,5 Gbps traffic

Br.
Carsten

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Apr 08, 2022 4:22 pm
by mayheart
I've confirmed the "error saving configuration" problem is caused by the security bug Garnet reported.

If you force a login by going to https://unit/ instead of https://unit/main.html the problem goes away.

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Thu May 19, 2022 12:39 pm
by mayheart
Any update on when this severe security bug will be fixed?

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Aug 12, 2022 11:10 am
by Garnet
As Netonix has had several months to at the very least follow up on this severe security bug and has not, my company will be filing it as a CVE. We are well past the responsible disclosure date for what is most likely a one line code change to fix a very real security hole.

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Fri Aug 12, 2022 12:50 pm
by Dave
new ws3 RC code was released last night from developer....is planned on being released next week after some testing ....all known issues have been resolved...

Re: v2.0.7 Bug Reports and Comments - WS3 Firmware

Posted: Wed Aug 24, 2022 5:10 pm
by michaeln416
Dave wrote:new ws3 RC code was released last night from developer....is planned on being released next week after some testing ....all known issues have been resolved...


This is great news. Looking forward to installing it and testing it here.