jQuery 1x or 2x security vulnerability

DOWNLOAD THE LATEST FIRMWARE HERE
tcmarkos
Member
 
Posts: 5
Joined: Wed Feb 27, 2019 11:23 am
Has thanked: 3 times
Been thanked: 1 time

jQuery 1x or 2x security vulnerability

Mon Jul 18, 2022 2:17 pm

A security vulnerability in the WISP switches was recently brought to my attention. jQuery V1x or 2x was detected in a security vulnerability scan. this is end of life software. jquery-2.1.0.min.js is on the switch with version 1.5.14. When can we expect a FW update that includes jQuery V3 for enhanced security? Also SNMPv3 is a security feature that we are interested in as well. Are there any plans to add this for added security? We currently are utilizing 168 WISP switches in our networks, and have been very happy with them.

Thanks,
Clay Markos
Wyoming DOT

WYDOT
Member
 
Posts: 1
Joined: Fri Dec 04, 2020 10:38 am
Has thanked: 0 time
Been thanked: 1 time

Re: jQuery 1x or 2x security vulnerability

Sat Nov 26, 2022 4:47 pm

Over 4 months waiting for a simple security risk issue. Zero response. I would call them but good luck on finding a number. State has over 500 switches to replaced and loved the Netonix switches. Have replaced about 20% of old fleet. Because of your lack of care to just answer the question the state has forced me to purchase any switch but your brand. All you had to do answer with yes, no or working on it. Great job technical support ..

User avatar
Dave
Employee
Employee
 
Posts: 726
Joined: Tue Apr 08, 2014 6:28 pm
Has thanked: 1 time
Been thanked: 158 times

Re: jQuery 1x or 2x security vulnerability

Sun Nov 27, 2022 11:13 am

arrggg..sorry..i missed responding to your post when you posted it...sigh...for what it is worth now, it is on the list to be fixed when we release another round of firmware for the WS line of products.

tcmarkos
Member
 
Posts: 5
Joined: Wed Feb 27, 2019 11:23 am
Has thanked: 3 times
Been thanked: 1 time

Re: jQuery 1x or 2x security vulnerability

Mon Nov 28, 2022 12:14 pm

When can we expect the new FW that corrects both issues?

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: jQuery 1x or 2x security vulnerability

Mon Nov 28, 2022 4:29 pm

Yes, vulnerabilities should be fix fast, but it shouldn't be a huge issue if your network is properly secured by a management VLAN not reachable from other subnets including other VLANs.

User avatar
mayheart
Experienced Member
 
Posts: 166
Joined: Thu Jan 15, 2015 1:42 pm
Location: Canada
Has thanked: 43 times
Been thanked: 40 times

Re: jQuery 1x or 2x security vulnerability

Mon Nov 28, 2022 9:03 pm

That's not how a lot of corporations and government sees it.

If it fails an internal scan, it needs to be fixed or it has to go.

Even cyber security insurance is starting to demand audit scans.

tcmarkos
Member
 
Posts: 5
Joined: Wed Feb 27, 2019 11:23 am
Has thanked: 3 times
Been thanked: 1 time

Re: jQuery 1x or 2x security vulnerability

Thu Dec 01, 2022 11:33 am

mayheart is correct, if it is flagged as an issue in our (state of Wyoming cyber security) internal scans it has to be fixed or replaced with something that can pass the scans, regardless of cost. The cost just determines how fast or slow we replace vulnerable equipment. Netonix WISP switches were selected due to the features and cost, however, if they are not secure, the cost no longer matters....

Return to Hardware and software issues

Who is online

Users browsing this forum: No registered users and 45 guests