This firmware resolves an issue that was discovered on the Actiontec WEB6000Q with a firmware number lower than the 1.1.10.20a.t firmware. The issue was that the admin login session cookie was insecurely generated making admin session hijacking possible. When an admin logged in to the unit, a session cookie was generated using the time of day rounded to 10ms. Since the web server returned its current time of day in responses, it was possible for an attacker to step backward through possible session values until a working one was found. Firmware versions after 1.1.10.20 starting with 1.1.10.20a.t securely randomize the session cookie eliminating this attack vector.
NOTES:
Be sure to make note of any custom settings before upgrading your unit.
Mac users using Safari may need to disable the 'Open 'safe' files after downloading' option before downloading this file.
Actiontec Electronics will not provide a refund or replacement, for products that have failed due to the loading of incorrect firmware or the testing of custom firmware.
(To identify your Actiontec product, look for the model number. It is located on the FCC sticker, found on the bottom or back of the product. Typically the model number is in the sticker's upper right-hand corner.)
This Firmware Upgrade (1.1.10.20re) is for the NCS WEB6000Q ONLY. It is not to be used on any other model. This is an NCS (Non-Customer Specific) Firmware and is not intended as an Upgrade for ANY ISP Specific Firmware, regardless of version number. Therefore, you should not load an NCS Firmware Upgrade on to a device that currently has an ISP Specific Firmware installed. The reverse is also true. You should not load an ISP Specific Firmware Upgrade on to a device that currently has an NCS version installed. These types of upgrades frequently result in a nonfunctional device.
Clicking the link below will initiate the download, and at the prompt 'Do you want to run or save this file?' select 'Save'. At the following 'Save As' dialog, be sure to select a familiar location to save the file, like 'My Documents' or the 'Desktop', so that the file will be easy to find later.
Please download and read the firmware upgrade instructions below before proceeding.
Click the link below to download the firmware
Comments
4 comments
Unfortunately, the download link to the firmware gives a "File Not Found" error when attempting to download, can you please correct this (WEB6000Q Firmware)
Cale,
Our IT team has fixed the link and it is now working. I also responded to one of the two tickets you submitted. I hope that will resolve your question about the broken link. If you have any other questions please let us know.
Hi Mike,
Is there a certain procedure that needs to be followed in order for this device to be upgraded? I upload the firmware, however it never applies the update - I received a "Thank you, the settings are being applied" - but having issues with the new firmware -- here is my device information.
Model Number:WEB6000
Firmware Version:1.1.18.0e
System Up Time:
0day:0h:3m:14sIP
Address:192.168.1.131
Subnet Mask:255.255.255.0
Default Gateway:192.168.1.1
Cale,
The problem you have here is you have a device made for the ISP Saskel and not an NCS device. So this firmware will never load onto that device. You can try to compile your own firmware from our GPL source code. https://opensource.screenbeam.com/
Mike T
Please sign in to leave a comment.