mdex Support>MX530/MX880 Firmware Release Notes

MX530/MX880 Firmware Release Notes

MX530 & MX880

Version 02.517 (10/2022)

Major changes and improvements:
  • DDNS: A bug in the Dynamic DNS implementation has been fixed.
  • System log: In case of "Save log in Flash memory", it is now written to a ring buffer to avoid memory overflows.
  • Security: In the menu Network -> LAN -> Configuration -> Advanced Settings there is now a new option Enable IP Source Address Spoofing filter (enabled by default). This causes IP packets with false or forged sender IP addresses sent from the LAN to the router to be automatically discarded (according to RFC2827).

Updates & security Improvements:
  • Kernel: CVE-2020-25705 (Mitigation)
  • OpenSSL: CVE-2021-3711, CVE-2021-3712
  • OpenVPN: CVE-2020-15078
  • Busybox.wget: CVE-2018-1000500
  • Curl: CVE-2020-8169, CVE-2020-8231, CVE-2020-8285
  • Dropbear: CVE-2020-36254
  • Dnsmasq: CVE-2020-25681, CVE-2020-25681..CVE-2020-25687
  • Glib2: CVE-2019-12450, CVE-2019-13012
  • Json-c: CVE-2020-12762

The firmware for this product includes software code developed by a third party under the GNU General Public License ("GPL") or GNU Lesser General Public License ("LGPL"). For more information about the terms of use and the GPL code and LGPL code used in this software, please refer to the following link together with the firmware:
MX880_MX530 Firmware-Paket_02.517 (*.zip)
ALERT! The required firmware file MX880_R_mdex.xx.xxx_WEBUI for the update. bin is located in the firmware package (*.zip) in the folder Binaries folder.
The GPL code and LGPL code included in the firmware for this product is distributed without any warranty or guarantee on the part of the corresponding authors of the software; the copyright for it is held by one or more authors. For details, see the pdf Open-Source license notes, GPL code and LGPL code of the firmware for this product and the GPL and LGPL terms of use.
How to make a MX530/MX880 Firmware update

Version 02.465 (07/2022)

  • Improved security of SMS implementation

The firmware for this product includes software code developed by a third party under the GNU General Public License ("GPL") or GNU Lesser General Public License ("LGPL"). For more information about the terms of use and the GPL code and LGPL code used in this software, please refer to the following link together with the firmware:
MX880_MX530 Firmware-Paket_02.465 (*.zip)
ALERT! The required firmware file MX880_R_mdex.xx.xxx_WEBUI for the update. bin is located in the firmware package (*.zip) in the folder Binaries folder.
The GPL code and LGPL code included in the firmware for this product is distributed without any warranty or guarantee on the part of the corresponding authors of the software; the copyright for it is held by one or more authors. For details, see the pdf Open-Source license notes, GPL code and LGPL code of the firmware for this product and the GPL and LGPL terms of use.
How to make a MX530/MX880 Firmware update

Version 02.454 (04/2021)

ALERT! The default login password has been changed!

To increase security, the former default login password admin01 has been changed from MX530/MX880 firmware version 02.453 to an individual login password in the following format: M#Serialx
(For the Serial please refer to the label on the bottom of the router or the box.)

Example:
Router Serial: 1102699330
Login-Password: M#1102699330x

  • Major changes in this version:
    1. New default login password in the format M#Serialx.
      • To increase security, the original default logion password admin01 has been changed to the format M#Serialx.
    2. Automatic migration to current mdex OpenVPN settings:
    3. OpenVPN Role mdex public.IP have been updated:
      • The new settings publicip20.mdex.de have been implemented at VPN -> OpenVPN in the Role 'mdex public.IP'.
    4. MTU of SIM card can be set by WebUI:
      • The MTU of the SIM card can be set by WebUI at "Network --> Mobile (SIM)", see here.
    5. The connection type PPP works properly again
      • From firmware 02.323 to 02.400, data transmission no longer worked when the connection type was changed from QMI to PPP.

  • Fixes:
    • A problem with the transmission of IP data packets of exactly 512 bytes (and multiples) in the Telekom network has been fixed.
    • I/O rules: fixed sending incorrect messages when input is triggered
    • System: default time set to 2021-01-01 01:00:00
    • GPS: updated default options for GPS position display at mdex Management Portal (mCOP), see GPS Positionsanzeige (RUT955 / RUT956 / MX880)
    • WebUI: updated design

  • Updates & security
    • OpenSSL: updated to 1.1.1i version
    • uhttpd: updated to 2020-02-12 version
    • libubox: updated to 2020-01-20 version
    • dnsmasq: updated to 2.82 version
    • uci: updated to 2020-10-06 version and added patches for CVE-2020-28951
    • OpenVPN: added patches for CVE-2020-11810
    • strongswan: added patch for CVE-2018-10811
    • hostapd: added patches for CVE-2019-16275, CVE-2019-11555 and CVE-2019-13377
    • net-snmp: added patches for CVE-2020-15861 and CVE-2020-15862
    • samba36: added patches for CVE-2019-3824 and CVE-2019-3880
    • PPP: fix Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability (CVE-2020-8597)
    • Connection-manager: updated to V2.0

The firmware for this product includes software code developed by a third party under the GNU General Public License ("GPL") or GNU Lesser General Public License ("LGPL"). For more information about the terms of use and the GPL code and LGPL code used in this software, please refer to the following link together with the firmware:
MX880_MX530 Firmware-Paket_02.453 (*.zip)
ALERT! The required firmware file MX880_R_mdex.xx.xxx_WEBUI for the update. bin is located in the firmware package (*.zip) in the folder Binaries folder.
The GPL code and LGPL code included in the firmware for this product is distributed without any warranty or guarantee on the part of the corresponding authors of the software; the copyright for it is held by one or more authors. For details, see the pdf Open-Source license notes, GPL code and LGPL code of the firmware for this product and the GPL and LGPL terms of use.
How to make a MX530/MX880 Firmware update

Version 02.453 (04/2021)

  • The existing login password is kept during firmware update with "keep all settings".
  • All changes/new features according to version 02.454 (except OpenSSL version 1.1.1k)

Version 02.448 (02/2021)

This is a BETA version that has not been rolled out officially.
  • New features according to Version 02.453
  • Login password is reset during firmware update with "Keep all settings" to the new format M#Serialx (-> corrected in version 02.453).

Version 02.400 (04/2020)

Major changes in this version:

  • Functionality optimisations:
    • The functionality of the operator blacklist/whitelist was corrected.
    • I/O input (PIN 9,6): The display of wrong voltage values at "Analog input" was corrected.
    • The OpenVPN client now also supports the entries in the field "Extra Options".
    • The MultiWAN functionality has been improved (route change and restart of services optimised).

  • Updates & security improvements
    • Update OpenSSL to version 1.1.1c
    • Update OpenVPN to version 2.4.7
    • Update busybox to version 1.30.1
    • Update curl to version 7.66.0
    • Update dropbear to version 2019.78
    • Update dnsmasq to version 2.80
    • WebUI: CVE-2019-12272 fix implemented

Known issues of version 02.400:
  • Connection Type "PPP" in mobile settings no longer works since version 02.323.
    (The router only needs to be changed to PPP in rare special cases.
  • The "Realtime Traffic" under Status -> Graphs in the Traffic tab is no longer displayed since version 02.400.

Version 02.353 (08/2019)

Major changes in this version:
  • Improved congestion indicator of GSM LED.
  • Fixed a problem when using multiple WLAN SSIDs (Multi-SSID).

Version 02.344 (05/2019)

Major changes in this version:
  • Support for additional flash memory device types for the MX880 (installed from MX880 Serial 1102xxxx / Production 05/2019).
    info This firmware is pre-installed on all MX880 routers with new flash devices (from Serial 1102xxxx onwards).
    A firmware update of MX530 routers and MX880 routers up to Serial 1101xxxxxx, which already have firmware 02.328 installed, is not required.

Version 02.328 (04/2019)

Major changes in this version:
  • For the daily reboot (periodic reboot), a time between 23:00 and 23:59 is randomly set for the first start.
    (This results in a load distribution of new registrations on the mobile network).
  • New LTE modem driver implemented. The mobile connection is now also reliably re-established after special events in the mobile network.

All changes in detail (English):
  • Busybox: updated to 1.30.0 version
  • libubox: updated to 2018-07-25
  • uci: updated to 2018-08-11
  • uhttpd: updated to 2018-11-28
  • chkimage: updated firmware validation script
  • CPU-usage: updated cpu usage script
  • WebUI: updated overview page to work with updated libubox and uci
  • Periodic-reboot: added script which generating random minutes for periodic reboot on first device boot
  • quectel-CM: add new quectel-CM version
  • Shell scripts: remove 'local' from global variables
  • Uhttpd: added JSON RPC option
  • WebUI: added JSON RPC enable/disable option
  • OpenVPN: client Username and Password save fix

Version 02.310 (12/2018)

Major changes in this version:
  • Security: Kernel vulnerability CVE-2017-18017 has been closed.
  • Security: WLAN vulnerability CVE-2018-14526 has been closed
  • Security: curl has been updated to version 7.62.0 to fix various security issues
  • Security: OpenSSL has been updated to version 1.0.2p to fix several security issues
  • DHCP: A problem changing the leasetime via the WebUI has been fixed.
  • SIM-Switching: The "Initial timeout (min)" setting of the "Switch back to primary SIM card after timeout" function is now correctly taken into account.
  • OpenVPN: After changing the OpenVPN access data, a running OpenVPN connection is now automatically restarted.
  • OpenVPN: When setting up a fixed.IP+ OpenVPN connection, the server openvpn20.mdex.de is now used.
  • OpenVPN: Update to OpenVPN version 2.4.5
  • WebUI: A problem with the SIM2 configuration (with Expert mode switched off) has been solved.
  • WebUI: Display problems of the OpenVPN connection status were solved

Version 02.275 (04/2018)

First official version of the MX530 router for sales launch.
(This firmware is compatible for both router models: MX530 checked | MX880 checked)

Major changes in this version:
  • Security: Kernel vulnerability CVE-2016-10229 has been closed.
  • Security: Insecure SSH encryption algorithms are no longer supported
  • HTTPS: A certificate problem with the Firefox browser has been fixed
  • Graphs: Mobile Traffic Tab is now displayed on all hardware versions
  • SMS Forwarding: HTTPS is now also supported as a destination (certificates can be uploaded in the menu "Administration->Root CA")
  • Restore Point: Problems with restoring restore points have been solved
  • RS232/RS485: Implementation revised/optimised
  • Reset to factory settings: The events log is now also deleted
  • Firewall (factory settings): Incoming ICMP pings are now also answered via VPN connections
  • WAN mode (expert mode): The backup WAN settings have been optimised. Health monitor interval: 30 sec, Health monitor ICMP host(s): 195.39.176.22, Health monitor ICMP timeout: 3 sec, Attemps before failover/recovery: 3

MX880 only

Version 02.237 (02/2018)

Major changes in this version:
  • When HTTPS remote access and DMZ host forwarding (Exposed Host) are enabled at the same time, all IPsec-relevant ports (e.g. UDP 500, 4500, etc.) are now forwarded correctly to the target host. Explicit port forwarding rules are now no longer required for this.
  • When resetting to factory settings, the SIM PIN for SIM1 stored in the mobile settings is now also deleted.
  • After importing a backup file, a complete MX880 restart is now carried out so that all new settings are applied.
  • An error in controlling the RS232 interface of MX880 routers with a 10-digit serial number has been eliminated.
  • Various improvements in establishing the mobile connection in special cases.

Version 02.221 (11/2017)

Major changes in this version:
  • WLAN WPA2 security vulnerability "KRACK" has been closed, thus increasing WLAN security.
  • dnsmasq updated to version 2.78 (closes several security holes)
  • Optimisation of HTTPS certificate creation
  • Dropbear (SSH) was optimised

Version 02.205 (10/2017)

*Important notes for MX880 from serial number 10xxxxxx*

Please note that the mdex router MX880 from serial number 10xxxxxxxx onwards is equipped with a modernised LTE module (Category 4). This results in the following changes:
  • The two connections 'LTE MAIN' and 'LTE AUX' have been exchanged. Please pay attention to the labelling on the housing.
  • The current firmware as of 02.205 automatically detects the LTE module used and therefore works with all hardware variants.
  • However, the backup configuration files of the MX880 up to Serial 9xxxxxxx and from Serial 10xxxxxxx are not compatible with each other.
    (If an incompatible configuration file is selected in 'Restore Configuration', the error message "Incompatible backup file selected, please choose another file" appears).

Major changes in this version:
  • Support for the new LTE module from MX880 serial number 10xxxxxxxx.
  • Various optimisations of the functionality:
    • A possible malfunction in the "WAN backup configuration" has been eliminated.
    • The OpenVPN client is automatically restarted if the username/password has been changed.
    • Improvements in sending SMS (I/O status, forwarding to e-mail).
    • Possible malfunction at "Ping Reboot" removed (after a new rule was added).
    • SMS utilities: firmware upgrade function added
    • Various optimisations of the WebUI/parameters:
      • Additional warning messages and notes added.
      • The parameter 'clean after reboot' was activated as default.

  • Updates & Security Improvements:
    • OpenVPN update to version 2.4.2
    • OpenSSL update to version 1.0.2l
    • curl update to version 7.55.1
    • dropbear update to version 2017.75
    • dnsmasq update to version 2.77
    • uboot update to version 3.0.1
    • Samba security patch CVE-2017-7494 was implemented
    • NET-SNMP security patch CVE-2015-5621 was implemented

Version 02.161 (08/2017)

Major changes in this version:
  • SMS: An error when saving SMS messages to the SIM card has been fixed.
  • SIM Switching: The automatic SIM card switch from SIM1 -> SIM2, or SIM2 -> SIM1 on a defined event is now executed properly.

Version 02.151 (10/2016)

Major changes in this version:
This update addresses security vulnerabilities, some of which have been deemed critical. MX880 routers with the older firmware version 02.100 should definitely be upgraded to version 02.151 (or newer)
.
  • A potentially severe vulnerability in the router's HTTP/HTTPS web server has been fixed.
  • OpenSSL has been upgraded to a newer version for security reasons.
  • A problem in the "Deny data roaming" function has been resolved.
  • The operation of the router WebUI via HTTPS has been improved.
  • Incorrect 'connection type' in the graphical display under 'Status -> Graphs' corrected.
  • Various optimisations of the WebUI and functionality of the router.

Version 02.100 (07/2016)

First firmware version for the MX880 sales launch.