On Sun, Sep 3, 2023 at 10:14 AM Robert Marko <robima...@gmail.com> wrote: > > On Sun, 3 Sept 2023 at 19:05, Dave Taht <dave.t...@gmail.com> wrote: > > > > The qsdk is on openwrt 15. > > You won't believe it but they made it to 19.07 from the 12.0 release, > and it seems they are preparing for 21.02.
It would be so nice if they tried to keep up with 23.x and released no more than 6 months behind. But I should be filled with joy at hearing 19.07 is in there. In other news, I have no idea what openwrt version this was but tplink is vulnerable at least. https://nvd.nist.gov/vuln/detail/CVE-2023-1389 > > Regards, > Robert > > > > On Sun, Sep 3, 2023 at 9:51 AM Philip Prindeville > > <philipp_s...@redfish-solutions.com> wrote: > > > > > > Hi all, > > > > > > As we work on the 23.05 release, I was stunned to receive a Mofi > > > MOFI4500-4GXeLTE-V3 router with 14.07 installed on it as part of my > > > Unlimitedville enrollment. > > > > > > I thought, "wow, this must have been sitting in a warehouse a while! I'd > > > better update it." So I went to the company's support site, grabbed the > > > latest image, flashed it, rebooted and... still running 14.07. > > > > > > For those of you too young to remember, Barrier Breaker was released > > > 10/2014 and included the 3.10.14 kernel (released 6/2013). > > > > > > How is this not cyber security malpractice? A firewall is your first > > > line of defense against cyber attacks. If your firewall has long known, > > > well documented vulnerabilities and exploits, you might as well not have > > > a firewall at all. > > > > > > I wrote them asking why there wasn't a more recent, more secure release > > > of the firewall firmware and this was their response: > > > > > > > > > > Dear Philip, > > > > You dint seem to know what you are talking about and should leave > > > > software to Profesionals like us and relax > > > > > > > > > I hope that most of the companies that use our software are more > > > diligent, and don't incur repetitional damage to our efforts by > > > continuing to ship EOL firmware. > > > > > > I get that not every company has kernel developers in-house, and frankly, > > > providing an updated kernel release for their SoC is the manufacturer's > > > responsibility, and MediaTek has not been responsive in this respect (for > > > the longest time they were shipping a 2.6.36 SDK!). Some of the larger > > > vendors (TPLink, ActionTec, Linksys, DLink, Netgear, et al) or their ODM > > > partners have the option to hold their feet to the fire and make orders > > > contingent on updated SDK's... I doubt that Mofi does the sort of volume > > > that gives them any leverage. > > > > > > But I regress. > > > > > > Class Action suits are becoming more prevalent with computer and > > > networking equipment manufacturers, as the public becomes aware of the > > > increasing cyber security threats as well as manufacturers' implied > > > responsibility to address vulnerabilities in a timely fashion as they > > > become aware of them. > > > > > > I'm calling this out because I honestly hope it's the far outlier in our > > > ecosystem, and not the rule. > > > > > > Sadly, > > > > > > -Philip > > > > > > > > > _______________________________________________ > > > openwrt-devel mailing list > > > openwrt-devel@lists.openwrt.org > > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > > > > > > > > -- > > Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html > > Dave Täht CSO, LibreQos > > > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel -- Oct 30: https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html Dave Täht CSO, LibreQos _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
