
jQuery 1x or 2x security vulnerability

Posted: Mon Jul 18, 2022 2:17 pm
by tcmarkos
A security vulnerability in the WISP switches was recently brought to my attention. jQuery V1x or 2x was detected in a security vulnerability scan. This is end-of-life software. jquery-2.1.0.min.js is on the switch with version 1.5.14. When can we expect a FW update that includes jQuery V3 for enhanced security? Also, SNMPv3 is a security feature that we are interested in as well. Are there any plans to add this for added security? We currently are utilizing 168 WISP switches in our networks, and have been very happy with them.

Thanks,
Clay Markos
Wyoming DOT

Re: jQuery 1x or 2x security vulnerability

Posted: Sat Nov 26, 2022 4:47 pm
by WYDOT
Over 4 months waiting for a simple security risk issue. Zero response. I would call them but good luck on finding a number. State has over 500 switches to be replaced and loved the Netonix switches. Have replaced about 20% of old fleet. Because of your lack of care to just answer the question, the state has forced me to purchase any switch but your brand. All you had to do was answer with yes, no or working on it. Great job technical support ..

Re: jQuery 1x or 2x security vulnerability

Posted: Sun Nov 27, 2022 11:13 am
by Dave
arrggg.. sorry.. I missed responding to your post when you posted it... sigh... for what it is worth now, it is on the list to be fixed when we release another round of firmware for the WS line of products.

Re: jQuery 1x or 2x security vulnerability

Posted: Mon Nov 28, 2022 12:14 pm
by tcmarkos
When can we expect the new FW that corrects both issues?

Re: jQuery 1x or 2x security vulnerability

Posted: Mon Nov 28, 2022 4:29 pm
by mike99
Yes, vulnerabilities should be fixed fast, but it shouldn't be a huge issue if your network is properly secured by a management VLAN not reachable from other subnets, including other VLANs.

Re: jQuery 1x or 2x security vulnerability

Posted: Mon Nov 28, 2022 9:03 pm
by mayheart
That's not how a lot of corporations and governments see it.

If it fails an internal scan, it needs to be fixed or it has to go.

Even cyber security insurance is starting to demand audit scans.

Re: jQuery 1x or 2x security vulnerability

Posted: Thu Dec 01, 2022 11:33 am
by tcmarkos
mayheart is correct: if it is flagged as an issue in our (state of Wyoming cyber security) internal scans, it has to be fixed or replaced with something that can pass the scans, regardless of cost. The cost just determines how fast or slow we replace vulnerable equipment. Netonix WISP switches were selected due to the features and cost; however, if they are not secure, the cost no longer matters....