From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 8D9773B2A4 for ; Sun, 3 Sep 2023 15:26:27 -0400 (EDT) Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1bf57366ccdso9361005ad.1 for ; Sun, 03 Sep 2023 12:26:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693769186; x=1694373986; darn=lists.bufferbloat.net; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=awj81OZsD1I+1WmAaDAoFeodTC1Vqtrhb+8dG7ivYdY=; b=UmgM0ymNc0wKhsapZY2MwRalYI72p274BCTPjROr/Sz4vgK2uGKMunjUrvsK9R3DgU cUZNObTgbkQx8av+65t+w20aOkqXdKX7tN8T6e+T8+1YEaDJzCf0thpuz3iC3KuXPGBk XcjqkkuMk8XexsiVAeo0r0NPKmOnq6wBX+rjw/4orn5FpJ6bYzrGzyAQoHLWhk7BIp5u yvCj6GMm01r8EkUbE3lqiLW2hEh9I8zYJ9As/Qcf25ExSqZ9og7Xnr/9QLoAjKjl7CW4 nwpkEQxag1yOFvc0FZDl39RubFcN+HLJH7+r3rjWeWbCN9ZWSAbhk8kgTSwtnQJPNPAE U3CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693769186; x=1694373986; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=awj81OZsD1I+1WmAaDAoFeodTC1Vqtrhb+8dG7ivYdY=; b=aV4ngADonPOCTBmd5/SJrI8mSQLYOBlfEaRW0sqR+2iTOY/eKnYKyLm887FrUwYS3F vfXXyhSu+R71//Cc24wioTK8vS7rRtK/U9wKkOAaSJjl8GfOZpvACmOFnbLlN/aXIp4E XPpMBD0+EdRe8xZHnsExzd2kfjZKC0Yk0hlusvT+iLBh1STzR8vH1c0fILC+ycbLIiXa sSr25SLk1jCpbwsZgkN721fht4A6J3tJ4eYQTXEGrrkJUjmz8TNtVl+xEuDA9+S9DTwA o4CQrs9lH4fUWIIvatiQhaSAPjfjxqeIZszFHtBcaDATD2AYD2rR+H9L790jguxuJFWF i/mw== X-Gm-Message-State: AOJu0Yx3Wqyspwq2QvEcpQoWWBG/IUSMdSqqnTpBmJb/VY0mERvXegf9 BxjjIZ/ioiXVsDVckyscXeaAjAyb63/Mx6jZt5Q= X-Google-Smtp-Source: AGHT+IElcQgk23FnLWjppyiC4gzc/JWwA2JPUZXBxZ0dzhYiX5l2v7vbKaqOInnBEgk5OPSY1WUhDN9DNfdUu+Cdyd0= X-Received: by 2002:a17:90a:9a87:b0:26b:513a:30b0 with SMTP id e7-20020a17090a9a8700b0026b513a30b0mr11191059pjp.10.1693769186300; Sun, 03 Sep 2023 12:26:26 -0700 (PDT) MIME-Version: 1.0 References: <60AB3DD8-4F9E-46EF-B35D-BC2402675912@redfish-solutions.com> In-Reply-To: From: Dave Taht Date: Sun, 3 Sep 2023 12:26:15 -0700 Message-ID: To: Robert Marko Cc: Philip Prindeville , Openwrt Devel , cerowrt-devel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] Mofi still shipping Barrier Breaker (14.07) X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Sep 2023 19:26:27 -0000 On Sun, Sep 3, 2023 at 10:14=E2=80=AFAM Robert Marko = wrote: > > On Sun, 3 Sept 2023 at 19:05, Dave Taht wrote: > > > > The qsdk is on openwrt 15. > > You won't believe it but they made it to 19.07 from the 12.0 release, > and it seems they are preparing for 21.02. It would be so nice if they tried to keep up with 23.x and released no more than 6 months behind. But I should be filled with joy at hearing 19.07 is in there. In other news, I have no idea what openwrt version this was but tplink is vulnerable at least. https://nvd.nist.gov/vuln/detail/CVE-2023-1389 > > Regards, > Robert > > > > On Sun, Sep 3, 2023 at 9:51=E2=80=AFAM Philip Prindeville > > wrote: > > > > > > Hi all, > > > > > > As we work on the 23.05 release, I was stunned to receive a Mofi MOFI= 4500-4GXeLTE-V3 router with 14.07 installed on it as part of my Unlimitedvi= lle enrollment. > > > > > > I thought, "wow, this must have been sitting in a warehouse a while! = I'd better update it." So I went to the company's support site, grabbed t= he latest image, flashed it, rebooted and... still running 14.07. > > > > > > For those of you too young to remember, Barrier Breaker was released = 10/2014 and included the 3.10.14 kernel (released 6/2013). > > > > > > How is this not cyber security malpractice? A firewall is your first= line of defense against cyber attacks. If your firewall has long known, w= ell documented vulnerabilities and exploits, you might as well not have a f= irewall at all. > > > > > > I wrote them asking why there wasn't a more recent, more secure relea= se of the firewall firmware and this was their response: > > > > > > > > > > Dear Philip, > > > > You dint seem to know what you are talking about and should leave s= oftware to Profesionals like us and relax > > > > > > > > > I hope that most of the companies that use our software are more dili= gent, and don't incur repetitional damage to our efforts by continuing to s= hip EOL firmware. > > > > > > I get that not every company has kernel developers in-house, and fran= kly, providing an updated kernel release for their SoC is the manufacturer'= s responsibility, and MediaTek has not been responsive in this respect (for= the longest time they were shipping a 2.6.36 SDK!). Some of the larger ve= ndors (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or their ODM part= ners have the option to hold their feet to the fire and make orders conting= ent on updated SDK's... I doubt that Mofi does the sort of volume that giv= es them any leverage. > > > > > > But I regress. > > > > > > Class Action suits are becoming more prevalent with computer and netw= orking equipment manufacturers, as the public becomes aware of the increasi= ng cyber security threats as well as manufacturers' implied responsibility = to address vulnerabilities in a timely fashion as they become aware of them= . > > > > > > I'm calling this out because I honestly hope it's the far outlier in = our ecosystem, and not the rule. > > > > > > Sadly, > > > > > > -Philip > > > > > > > > > _______________________________________________ > > > openwrt-devel mailing list > > > openwrt-devel@lists.openwrt.org > > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > > > > > > > > -- > > Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof= .html > > Dave T=C3=A4ht CSO, LibreQos > > > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel --=20 Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.htm= l Dave T=C3=A4ht CSO, LibreQos