[Cerowrt-devel] Mofi still shipping Barrier Breaker (14.07)

Stephen Hemminger stephen at networkplumber.org
Sun Sep 3 13:10:07 EDT 2023


I ended up replacing an Asus router because they were still using 3.14 with
no upgrade planned.
The issue is vendor closed-source blobs.


On Sun, Sep 3, 2023, 7:04 PM Dave Taht via Cerowrt-devel <
cerowrt-devel at lists.bufferbloat.net> wrote:

> The qsdk is on openwrt 15.
>
> On Sun, Sep 3, 2023 at 9:51 AM Philip Prindeville
> <philipp_subx at redfish-solutions.com> wrote:
> >
> > Hi all,
> >
> > As we work on the 23.05 release, I was stunned to receive a Mofi
> MOFI4500-4GXeLTE-V3 router with 14.07 installed on it as part of my
> Unlimitedville enrollment.
> >
> > I thought, "wow, this must have been sitting in a warehouse a while!
> I'd better update it."  So I went to the company's support site, grabbed
> the latest image, flashed it, rebooted and... still running 14.07.
> >
> > For those of you too young to remember, Barrier Breaker was released
> 10/2014 and included the 3.10.14 kernel (released 6/2013).
> >
> > How is this not cyber security malpractice?  A firewall is your first
> line of defense against cyber attacks.  If your firewall has long known,
> well documented vulnerabilities and exploits, you might as well not have a
> firewall at all.
> >
> > I wrote them asking why there wasn't a more recent, more secure release
> of the firewall firmware and this was their response:
> >
> >
> > > Dear Philip,
> > > You dint seem to know what you are talking about and should leave
> software to Profesionals like us and relax
> >
> >
> > I hope that most of the companies that use our software are more
> diligent, and don't incur reputational damage to our efforts by continuing
> to ship EOL firmware.
> >
> > I get that not every company has kernel developers in-house, and
> frankly, providing an updated kernel release for their SoC is the
> manufacturer's responsibility, and MediaTek has not been responsive in this
> respect (for the longest time they were shipping a 2.6.36 SDK!).  Some of
> the larger vendors (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or
> their ODM partners have the option to hold their feet to the fire and make
> orders contingent on updated SDK's...  I doubt that Mofi does the sort of
> volume that gives them any leverage.
> >
> > But I regress.
> >
> > Class Action suits are becoming more prevalent with computer and
> networking equipment manufacturers, as the public becomes aware of the
> increasing cyber security threats as well as manufacturers' implied
> responsibility to address vulnerabilities in a timely fashion as they
> become aware of them.
> >
> > I'm calling this out because I honestly hope it's the far outlier in our
> ecosystem, and not the rule.
> >
> > Sadly,
> >
> > -Philip
> >
> >
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel at lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
>
>
> --
> Oct 30:
> https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> Dave Täht CSO, LibreQos
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>