Hello! New Pepwave user here.Just received my MAX BR1 Pro 5G today. I want to do some initial setup and a firmware upgrade from 8.1.2s109 build 4899 to 8.2.1 and thought the upgrade completed successfully, but after the reboot the version was the same. I also tried to manually reboot to the new version in the system settings with the same result. Any ideas? Thanks in advance!
Edit: Checked the system logs and found this “System: Firmware upgrade failed [Invalid Firmware]”. The new firmware was downloaded from the web interface, not manually.
Related upgrade problem, similar circumstances: new pepwave soho-mk3 user, trying to upgrade from 8.0.0 to 8.2.1, manually, b/c I wanted to do that BEFORE putting it on the net. But the progress bar hung at 79%, and I can’t log back in. Have not tried a power-off forced reboot - hoping to find some info before doing that. fw-max_br1mk2_hotspot_sohomk3-8.2.1-build5082.bin
@Rosemarie_Swanson : Sometimes the GUI will not refresh and return to the log-in screen. Some time has passed now – go ahead and power it down and back up again and let’s see if you can log in.
The soho-mk3 came up but Firefox reported “Secure Connection Failed” (in place of “Did not connect: Potential Security Risk Issue”, with an Advanced button that enables connection anyway). So I couldn’t even get a login screen.
Then I did a factory reset. But Firefox still reported “Secure Connection Failed” instead of the “Did not connect…”, so I still could not get a login screen. I even deleted the certificate that Firefox had saved for the soho-mk3 with its factory default IP address, but that did not make any difference.
Did this firmware upgrade make any changes in the soho-mk3 certificate? I saw that one of the fixes in FW 8.2.1 was for CVE-2022-0778, which had to do with an openssl vulnerability.
@Rosemarie_Swanson : Hi again. The screen/caution you are now seeing is expected and is saying the certificate Peplink uses is domain-mismatched. It is entirely safe to bypass the warning and “connect anyway.” Doing a reset will not be helpful. We bypass this screen on a regular basis and thank Firefox for paying attention. ;<) As soon as you do that you’ll be greeted with the familiar GUI.
And, no, CVE-2022-0778 is very real but not related to the issue you report.
Yes, I know about the certificate mis-match warning, and dealt with it twice successfully. BUT Firefox is giving a DIFFERENT warning message which I cannot bypass. There is no “advanced” button to get to a next screen in Firefox to say to bypass the warning.
There are 2 different warnings. I am getting this first one, not the 2nd one, which can be bypassed. Secure Connection Failed.
A Secure Connection Failed error page will include a description of the error, an option to report the error to Mozilla and a Try Again button. There is no option to add a security exception to bypass this type of error.
2nd type: Did Not Connect: Potential Security Issue
Certain secure connection failures will result in a Did Not Connect: Potential Security Issue error page.
The error page will include a description of the potential security threat, an option to report the error to Mozilla and an Advanced… button to view the error code and other technical details.
If I can figure out how, I will attach a screen shot of the Firefox screen.
I had a certificate expire just recently on some other networking equipment. Only way I could get to bypass this issue was to open a "Incognito/Private" browser (preferably Chrome). Then try both HTTP and HTTPS to see which would connect.
Newer firmwares seem to default to redirecting http to https, if you can get into system setting → admin security you can uncheck redirect http to https and go back to just using http port 80 for connecting and the browser will not complain about a invalid certificate.
This is not a security issue so long as you are connecting the admin UI on your internal network only and web admin access is set to lan only which is the default.
Web browsers are making harder and harder to connect to invalid certificates and its pretty pointless to have encryption over your internal lan unless you have some special security requirements.
