Security Hardening, WLAN/VPN Stability, and Modem Compatibility Improvements
Security Fixes
RADIUS fixes:
#577010, CVE-2024-3596: The RADIUS protocol had a vulnerability that potentially made it susceptible to forgery attacks, which could modify the Access-Accept or Access-Reject RADIUS response. This is fixed.
Fixes
- Event handling:
#401463, wanlink down and up events have been extended to include whether the link in question was a hotlink.
- LXC fixes:
#457860, LXC DNS setting would remain if the container was deleted. This is fixed.
- SDK fixes:
#516302, A segmentation fault found in json_encode is now fixed.
#566371, SDK scripts using nb_transfer_put could result in an error. This is fixed.
- WLAN fixes:
#516306, The AC Access Controller now supports whitespace within the SSID.
#516702, WLAN outdoor setting now correctly includes DFS channels in automatic channel selection.
#559982, Fast Transition is now working properly for WPA3 configurations in AP mode and PreAuth for WPA2.
#567523, Configuring multiple alias IPs on a WLAN client device could result in unsolicited netmask changes during operation.
#568830, Specific WLAN configurations could result in a wrongfully terminating daemon and lead to a reboot loop.
- OpenVPN fixes:
#529381, Special characters are now allowed in P12 passwords.
- IPSEC fixes:
#529398, In some scenarios the charon daemon for IKEv2 could hang indefinitely. This is fixed.
#590128, IPSEC configurations containing FQDN remote peer addresses could not be started when the firewall policy was configured to drop DNS traffic.
- Web-UI fixes:
#531063, On some WAN link settings the spinner could be displayed indefinitely and refreshing the page would result in duplicate configuration entries.
#549695, In some cases, after setting up LAN as WAN, the spinner overlay was displayed for a long time.
- Wired 802.1X fixes:
#531890, On specific hardware variants the service could not be started.
- SDK fixes (SNMP):
#542827, SNMP - A resource leak within the sdkhost is now fixed.
- Recovery improvements:
#549020, In the recovery image for TimeServer the web interface was not available.
- Network fixes:
#553114, Changing the DNS setting in specific situations during a DHCP renew resulted in the device setting the link state down.
- VoIP fixes:
#554513, An ongoing VoIP call was canceled on an incoming second call. This is fixed.
- Dynamic DNS fixes:
#556837, In some cases the update script for dynamic DNS services could be running multiple times at once.
- Modem fixes:
#563433, A bug caused a modem to hang until a timeout while waiting for an AT command.
#571476, On hardware variants (NB18x0, NB28x0, NB3800) with Telit modems some characters in provider APNs would lead to an error and no connection could be established.
#574217, On certain hardware versions equipping three WWAN modems could lead to reboot issues.
- BGP fixes:
#568811, In some cases, BGP packets were not properly routed via WWAN interfaces if updating an existing configuration from an older NRSW version.
- Firewall fixes:
#580372, NAPT rules containing a destination IP were not applied correctly.
#584117, There was an issue where firewall rules were created even if the automatic firewall setup was declined when setting up a WAN connection.
- 802.1X fixes:
#584104, Wired 802.1X would not work if the device was used as a WLAN client at the same time.
Known Issues
WAN-MTU
#578728, If the cellular network does not provide MTU information, u-blox LARA-L6 modems use 1428 bytes as a default. This may lead to issues if an MTU of 1500 is expected.
Discontinued Features
Modem fixes
#553311, u-blox TOBY modem auto reset feature removed. This functionality mitigated a TOBY firmware issue in older modem firmware versions. The issue is fixed in firmware version 17.00,A01.03. You must not use this or any newer NRSW release with TOBY modem firmware 17.00,A01.02 or older. In general, we strongly recommend updating the modem firmware to 17.00,A01.03 as soon as possible.

