The QSDK is on OpenWrt 15.

On Sun, Sep 3, 2023 at 9:51 AM Philip Prindeville
<philipp_s...@redfish-solutions.com> wrote:
>
> Hi all,
>
> As we work on the 23.05 release, I was stunned to receive a Mofi 
> MOFI4500-4GXeLTE-V3 router with 14.07 installed on it as part of my 
> Unlimitedville enrollment.
>
> I thought, "wow, this must have been sitting in a warehouse a while!  I'd 
> better update it."  So I went to the company's support site, grabbed the 
> latest image, flashed it, rebooted and... still running 14.07.
>
> For those of you too young to remember, Barrier Breaker was released 10/2014 
> and included the 3.10.14 kernel (released 6/2013).
>
> How is this not cyber security malpractice?  A firewall is your first line of 
> defense against cyber attacks.  If your firewall has long known, well 
> documented vulnerabilities and exploits, you might as well not have a 
> firewall at all.
>
> I wrote them asking why there wasn't a more recent, more secure release of 
> the firewall firmware and this was their response:
>
>
> > Dear Philip,
> > You dint seem to know what you are talking about and should leave software 
> > to Profesionals like us and relax
>
>
> I hope that most of the companies that use our software are more diligent, 
> and don't incur reputational damage to our efforts by continuing to ship EOL 
> firmware.
>
> I get that not every company has kernel developers in-house, and frankly, 
> providing an updated kernel release for their SoC is the manufacturer's 
> responsibility, and MediaTek has not been responsive in this respect (for the 
> longest time they were shipping a 2.6.36 SDK!).  Some of the larger vendors 
> (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or their ODM partners 
> have the option to hold their feet to the fire and make orders contingent on 
> updated SDKs...  I doubt that Mofi does the sort of volume that gives them 
> any leverage.
>
> But I regress.
>
> Class Action suits are becoming more prevalent with computer and networking 
> equipment manufacturers, as the public becomes aware of the increasing cyber 
> security threats as well as manufacturers' implied responsibility to address 
> vulnerabilities in a timely fashion as they become aware of them.
>
> I'm calling this out because I honestly hope it's the far outlier in our 
> ecosystem, and not the rule.
>
> Sadly,
>
> -Philip
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel



-- 
Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
Dave Täht CSO, LibreQos
