24.9.79.151 - November 2024, Feature

Release category: Mandatory

New features

  1. Support for encrypted firmware images has been added

    In order to update to the 24.9.79.151 or later firmware, the device must be running either the 24.6.17.54 or 24.6.17.69 firmware.

  2. Support for a new asynchronous Query State mechanism has been added to allow the device to push detailed status information to Digi Remote Manager for the following functional groups:

    • System

    • Cloud

    • Ethernet

    • Cellular

    • Interface

  3. A new Configuration Rollback feature when configuring the device using Digi Remote Manager has been added. With this rollback feature, if the device loses its connection with Digi Remote Manager due to a configuration change, it will roll back to its previous configuration and reconnect to Digi Remote Manager.

Enhancements

  1. The defaultip and defaultlinklocal interfaces have been renamed to setupip and setuplinklocal respectively.

    The setupip and setuplinklocal interfaces can be used to initial connect to and do initial configuration using a common IPv4 192.168.210.1 address.

  2. The cellular support has been updated to default to use CID 1 instead of 2. The device will check for a saved CID for the SIM/Modem combination before using the default CID so that existing connected device are unaffected.

  3. The configuration support has been updated so that the user must re-enter their original password when changing their password.

  4. Support for configuring a custom SST 5G slicing option has been added.

  5. The Wireguard support has been updated on the Web UI to have a button to create peer configurations.

  6. The system factory-erase CLI command has been updated to prompt the user to confirm the command.

    This can overridden using the force parameter.

  7. The Python config module has been updated to allow configuration items to created and deleted.

  8. Support for configuring TCP timeout values has been added. The new configuration is under the Network > Advanced menu.

  9. Support for displaying a message for users not using 2FA when logging in when PrimaryResponder mode is enabled has been added.

  10. The email notification support has been updated to allow the notifications to be sent to a SMTP server using no authentication.

  11. The Ookla Speedtest support has been updated to include the cellular statistics when the test is run over a cellular interface.

  12. Support for displaying the 5G NCI (NR Cell Identity) status in DRM, Web UI and CLI has been added.

  13. The CLI and Web UI Serial page has been updated to allow the user to set sequential IP port numbers for SSH, TCP, telnet, UDP services on multiple serial ports.

  14. The modem logging has been updated to log the APN instead of the index and remove other unnecessary log entries.

  15. The way the watchdog calculates the amount of memory that is being used has been updated.

  16. The title and description for the password_pr parameter has been updated to help distinguish it from the password parameter.

  17. TX40: The amount of messages logged by the TX40 Wi-Fi driver to prevent the system log from being saturated with Wi-Fi debug messages.

Security fixes

  1. The Linux kernel has been updated to v6.10 [DAL-9877]

  2. The OpenSSL package has been updated to v3.3.2 [DAL-10161]

    CVE-2023-2975 CVSS Score: 5.3 Medium

  3. The OpenSSH package has been updated to v9.8p1 [DAL-9812]

    CVE-2024-6387 CVSS Score: 8.1 High

  4. The ModemManager package has been updated to v1.22.0 [DAL-9749]

  5. The libqmi package has been updated to v1.34.0 [DAL-9747]

  6. The libmbim package has been updated to v1.30.0 [DAL-9748]

  7. The pam_tacplus package has been updated to v1.7.0 [DAL-9698]

    CVE-2016-20014 CVSS Score: 9.8 Critical

    CVE-2020-27743 CVSS Score: 9.8 Critical

    CVE-2020-13881 CVSS Score: 7.5 High

  8. The linux-pam package has been updated to v1.6.1 [DAL-9699]

    CVE-2022-28321 CVSS Score: 9.8 Critical

    CVE-2010-4708 CVSS Score: 7.2 High

  9. The pam_radius package has been updated to v2.0.0 [DAL-9805]

    CVE-2015-9542 CVSS Score: 7.5 High

  10. The unbound package has been updated to v1.20.0 [DAL-9464]

    CVE-2023-50387 CVSS Score: 7.5 High

  11. The libcurl package has been updated to v8.9.1 [DAL-10022]

    CVE-2024-7264 CVSS Score: 6.5 Medium

  12. The GMP package has been updated to v6.3.0 [DAL-10068]

    CVE-2021-43618 CVSS Score: 7.5 High

  13. The expat package has been updated to v2.6.2 [DAL-9700]

    CVE-2023-52425 CVSS Score: 7.5 High

  14. The libcap package has been updated to v2.70 [DAL-9701]

    CVE-2023-2603 CVSS Score: 7.8 High

  15. The libconfuse package has been updated with latest patches. [DAL-9702]

    CVE-2022-40320 CVSS Score: 8.8 High

  16. The libtirpc package has been updated to v1.3.4 [DAL-9703]

    CVE-2021-46828 CVSS Score: 7.5 High

  17. The glib package has been updated to v2.81.0 [DAL-9704]

    CVE-2023-29499 CVSS Score: 7.5 High

    CVE-2023-32636 CVSS Score: 7.5 High

    CVE-2023-32643 CVSS Score: 7.8 High

  18. The protobuf package has been updated to v3.21.12 [DAL-9478]

    CVE-2021-22570 CVSS Score: 5.5 Medium

  19. The dbus package has been updated to v1.14.10 [DAL-9936]

    CVE-2022-42010 CVSS Score: 6.5 Medium

    CVE-2022-42011 CVSS Score: 6.5 Medium

    CVE-2022-42012 CVSS Score: 6.5 Medium

  20. The lxc package has been updated to v6.0.1 [DAL-9937]

    CVE-2022-47952 CVSS Score: 3.3 Low

  21. The Busybox v1.36.1 package has been patched to resolve a number of CVEs. [DAL-10231]

    CVE-2023-42363 CVSS Score: 5.5 Medium

    CVE-2023-42364 CVSS Score: 5.5 Medium

    CVE-2023-42365 CVSS Score: 5.5 Medium

    CVE-2023-42366 CVSS Score: 5.5 Medium

  22. The Net-SNMP v5.9.3 package has been updated to resolve a number of CVEs.

    CVE-2022-44792 CVSS Score: 6.5 Medium

    CVE-2022-44793 CVSS Score: 6.5 Medium

  23. SSH support is now disabled by default for devices that have Primary Responder support enabled. [DAL-9538]

  24. Support for TLS compression has been removed. [DAL-9425]

  25. The Web UI session token is now expired when the user logs out. [DAL-9539]

  26. The device’s MAC address has been replaced with the serial number in the Web UI login page title bar. [DAL-9768]

Bug fixes

  1. An issue where the same ICCID was being reported for both SIM1 and SIM2 has been resolved. [DAL-9826]

  2. The system > schedule > reboot_time parameter has been updated to be a full parameter and can now be configured via Digi Remote Manager. Previously it was an alias parameter which can be configured by Digi Remote Manager. [DAL-9755]

  3. An issue where a device could get stuck using a particular SIM slot even though no SIM was detected has been resolved. [DAL-9828]

  4. An issue where US Cellular would be displayed as the carrier when connected to Telus has been resolved. [DAL-9911]

  5. An issue with Wireguard where the public key generated using the Web UI not being saved correctly when has been resolved. [DAL-9914]

  6. An issue where an invalid status could be returned to Digi Remote Manager when doing a cellular modem firmware update has been resolved. [DAL-10382]

  7. An issue where IPsec tunnels disconnected when old SAs were being deleted has been resolved. [DAL-9923]

  8. An issue where starting BGP would cause an error to be output on the Console port has been resolved. [DAL-10062]

  9. An issue where a serial bridge would fail to connect when FIPS mode was enabled has been resolved. [DAL-10032]

  10. An issue where the serial port could stall when changing the setting of a serial port has been resolved. [DAL-5230]

  11. An issue where a firmware update file downloaded from Digi Remote Manager could cause the device to disconnect to more than 30 minutes has been resolved. [DAL-10134]

  12. An issue with the SystemInfo group in the Accelerated MIB not being indexed correctly has been resolved. [DAL-10173]

  13. An issue with the RSRP and RSRQ not being reported on EX50 devices has been resolved. [DAL-10211]

  14. The Deutsche Telekom 26202 PLMN ID and 894902 ICCID prefix have been added to ensure the correct Provider FW is displayed. [DAL-10212]

  15. The help text for the Hybrid Addressing mode has been updated to indicate that the IPv4 address mode needs to be configured to either Static or DHCP. [DAL-9866]

  16. An issue where the default values for boolean parameters where not being displayed in the Web UI has been resolved. [DAL-10290]

  17. An issue with validating configuration changes made by a custom script have been resolved. [DAL-10450]

  18. An issue preventing read-only users from running the show surelink or event list CLI commands has been resolved. [DAL-10418]

  19. An issue where a blank APN was being written in mm.json file has been resolved. [DAL-10285]

  20. An issue where the watchdog would incorrectly reboot the device when the memory warning threshold is exceeded has been resolved. [DAL-10286]

  21. The Python live image has been updated to include the libsqlite3.so library which is required by the Python sqlite3 module. [DAL-9661]

  22. The following issues with the Bluetooth scanner have been resolved

    1. Some detected Bluetooth devices where missing from data sent to remote servers. [DAL-9902]

    2. The Bluetooth scanner data being sent to remote devices did not include hostname and location fields. [DAL-9904]

    3. The device would reboot intermittently when the Bluetooth scanner feature was enabled with an output filter. A new purge_timeout option has been added to allow the user to specify that old sightings are to be removed from the list of confirmed static devices after the specified time in seconds. The default is 0s which means purge_timeout is disabled by default.

  23. IX20: An issue where the IX20W had significantly slowed down has been resolved. [DAL-10182]

  24. TX40: An issue where the Wi-Fi clients connected to a TX40 not being displayed on CLI show wifi ap <name> command and on the Web UI has been resolved. [DAL-10127]

  25. TX40: An issue where the 5G band information was not being displayed on the TX40 has been resolved. [DAL-8926]

  26. TX40: An issue where the TX40 GNSS support could lose its fix after remaining connected for many days has been resolved. [DAL-9905]

  27. TX54: The 5G support on the TX54 platforms has been updated to default to NSA mode. [DAL-9953]

  28. TX64: An issue with the RSRP and RSRQ not being reported on TX64 5G devices has been resolved. [DAL-10211]