[Cerowrt-devel] Mofi still shipping Barrier Breaker (14.07)
Dave Taht
dave.taht at gmail.com
Sun Sep 3 15:26:15 EDT 2023
On Sun, Sep 3, 2023 at 10:14 AM Robert Marko <robimarko at gmail.com> wrote:
>
> On Sun, 3 Sept 2023 at 19:05, Dave Taht <dave.taht at gmail.com> wrote:
> >
> > The qsdk is on openwrt 15.
>
> You won't believe it but they made it to 19.07 from the 12.0 release,
> and it seems they are preparing for 21.02.

It would be so nice if they tried to keep up with 23.x and released no
more than 6 months behind. But I should be filled with joy at hearing
19.07 is in there.

In other news, I have no idea what openwrt version this was but tplink
is vulnerable at least.

https://nvd.nist.gov/vuln/detail/CVE-2023-1389

>
> Regards,
> Robert
> >
> > On Sun, Sep 3, 2023 at 9:51 AM Philip Prindeville
> > <philipp_subx at redfish-solutions.com> wrote:
> > >
> > > Hi all,
> > >
> > > As we work on the 23.05 release, I was stunned to receive a Mofi MOFI4500-4GXeLTE-V3 router with 14.07 installed on it as part of my Unlimitedville enrollment.
> > >
> > > I thought, "wow, this must have been sitting in a warehouse a while! I'd better update it." So I went to the company's support site, grabbed the latest image, flashed it, rebooted and... still running 14.07.
> > >
> > > For those of you too young to remember, Barrier Breaker was released 10/2014 and included the 3.10.14 kernel (released 6/2013).
> > >
> > > How is this not cyber security malpractice? A firewall is your first line of defense against cyber attacks. If your firewall has long known, well documented vulnerabilities and exploits, you might as well not have a firewall at all.
> > >
> > > I wrote them asking why there wasn't a more recent, more secure release of the firewall firmware and this was their response:
> > >
> > >
> > > > Dear Philip,
> > > > You dint seem to know what you are talking about and should leave software to Profesionals like us and relax
> > >
> > >
> > > I hope that most of the companies that use our software are more diligent, and don't incur reputational damage to our efforts by continuing to ship EOL firmware.
> > >
> > > I get that not every company has kernel developers in-house, and frankly, providing an updated kernel release for their SoC is the manufacturer's responsibility, and MediaTek has not been responsive in this respect (for the longest time they were shipping a 2.6.36 SDK!). Some of the larger vendors (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or their ODM partners have the option to hold their feet to the fire and make orders contingent on updated SDKs... I doubt that Mofi does the sort of volume that gives them any leverage.
> > >
> > > But I regress.
> > >
> > > Class Action suits are becoming more prevalent with computer and networking equipment manufacturers, as the public becomes aware of the increasing cyber security threats as well as manufacturers' implied responsibility to address vulnerabilities in a timely fashion as they become aware of them.
> > >
> > > I'm calling this out because I honestly hope it's the far outlier in our ecosystem, and not the rule.
> > >
> > > Sadly,
> > >
> > > -Philip
> > >
> > >
> > > _______________________________________________
> > > openwrt-devel mailing list
> > > openwrt-devel at lists.openwrt.org
> > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> >
> >
> >
> > --
> > Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> > Dave Täht CSO, LibreQos
> >
--
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht CSO, LibreQos