Switch GS1900 Series - V2.70 Patch 3 Firmware Release

Zyxel_Adam
Zyxel_Adam Posts: 259
Zyxel Certified Network Administrator - Nebula First Comment First Answer Friend Collector
 Master Member
edited August 2022 in Switch New Release

Zyxel Switch GS1900 Series
Release Note
August, 2022

Firmware Version on all models

(Click Hyper link to download the firmware directly)


Zyxel GS1900-8        - V2.70(AAHH.3)

Zyxel GS1900-8HP      - V2.70(AAHI.3)

Zyxel GS1900-8HP(Rev. B1)  - V2.70(AAHI.3)

Zyxel GS1900-10HP          - V2.70(AAZI.3)

Zyxel GS1900-16            - V2.70(AAHJ.3)

Zyxel GS1900-24E         - V2.70(AAHK.3)

Zyxel GS1900-24EP         - V2.70(ABTO.3)

Zyxel GS1900-24           - V2.70(AAHL.3)

Zyxel GS1900-24HPv2        - V2.70(ABTP.3)

Zyxel GS1900-48           - V2.70(AAHN.3)

Zyxel GS1900-48HPv2       - V2.70(ABTQ.3)


New Feature and Enhancements


No.

New Feature and Enhancements

1.

Support hardware revision.

2.

Support IPv6 address for ZON utility.

3.

WebHelp redirects to use online version.

4.

Web GUI “Protected port” rename to “Port Isolation”.

5.

Extend NTP time synchronization interval from 30 seconds to 1 day.

6.

For security enhancement, login password cannot be empty. When admin or user login with empty password, switch will redirect to change password page to change password forcibly.

Bug fix

No.

Bug fix

1.

Fixed stopping power delivery issue on PoE switch models.

2.

Collecting tech support file multiple times continuously may cause switch crashed.

3.

Fixed uClibc and uClibc-ng library related vulnerability.

4.

New 802.1x connection and re-connection is not accessible, since dot1x tx thread is crashed. At the moment, switch stops sending logs to syslog server.

5.

If a window session is not terminated by using the “Logout” button, after HTTP/HTTPs session timeout, any new web session afterward s , the Web G U I will always redirect to the s witch login page when user click “Ignore”, “Getting Started” or “Status” tab.

6.

Switch does not respond properly to SNMP ser ver via partial SNMPv3 settings in V2.70 patch 0 firmware. SNMPv3 entry will need to be set up again if the setting has been sav e d in V2.70 patch 0.

7.

When adding RADIUS server with key string more than 30 characters , configuration is not retained after saving configuration and rebooting switch, and all related RADIUS settings will be eliminated.

8.

Implement ba ckup running config uration or startup config uration more than one time on web GUI causing the page forcibly redirects from configuration backup page to switch login page.

9.

When downloading running configuration or startup configuration on web GUI, web page shows 404 not found.

10.

Switch d oes not send its hostname when reporting log to syslog server.

11.

Fixed open SSL related vulnerability.

12.

Fixed XSS related vulnerability.

13.

Fixed JS library related vulnerability.

14.

Fixed X Frame options related vulnerability.

15.

Fixed X Content Type Options related vulnerability.

16.

[CVE-2021-35031] Fixed Arbitrary command injection in TFTP.

17.

[CVE-2021-35032 ] Fixed Arbitrary command injection in libsal.so.

18.

[CVE-2012-6708] [CVE-2014-6071][CVE-201607103][CVE-2015-9251][CVE-2019-11358] Fixed jQuery related vulnerability.


Please refer to the Download Link for more details.

Adam

Comments

  • Hello, is firmware support for GS1900-24HP dropped in the 2.70 version?  It looks like the last update for it is for 2.60. Is this true?
  • Zyxel_Andrew
    Zyxel_Andrew Posts: 469
    25 Answers First Comment Friend Collector Third Anniversary
     Zyxel Employee
    Hello. To get the latest firmware version for EOL products (which is GS1900-24HP), please look here:
    https://webservice.zyxel.com/end-of-life
  • NEP
    NEP Posts: 34
    First Comment Friend Collector
     Freshman Member
    Hello. What has changed in this release? According to the download page and release notes, it appears to be the same version that was released back in August. The only difference I saw in the notes was that the "Change History" entry was changed to "V2.70(Axxx.3) | 10/26/2022". Right now, the dashboard of our GS1900-24EP shows "V2.70(ABTO.3) | 07/26/2022". Do we need to upgrade? What was the reason for the re-release? Thanks!
  • Zyxel_Adam
    Zyxel_Adam Posts: 259
    Zyxel Certified Network Administrator - Nebula First Comment First Answer Friend Collector
     Master Member
    Hi @NEP,

    The main problems that we fixed for this patch are
    1. Fixed stopping power delivery issue on PoE switch models.
    This is a severe issue that occurs to many customer on GS1900-24HPv1.
    2. Collecting tech support file multiple times continuously may cause switch crashed
    This issue may affect all GS1900 Series.
    Since you are using GS1900-24EP, these issues will not directly affect your switch.

    Hope these information help you,

    Adam
  • NEP
    NEP Posts: 34
    First Comment Friend Collector
     Freshman Member
    Thanks for the info. Seems odd to not increment the version (only the date) for something major like that.