ADVANTECH ICR-OS Firmware 6.3.6 Cellular Router Instruction Manual
- June 5, 2024
- Advantech
ADVANTECH ICR-OS Firmware 6.3.6 Cellular Router
Abstract
This document describes:
- Firmware update instructions.
- Description of all new features, fixes, and other changes implemented in the firmware.
- Known issues related to a firmware version.
Firmware Details
- Firmware version: 6.3.6
- Release date: June 16, 2022
- Compatibility: Advantech routers; see the Firmware Distribution Overview
Please note that not all new Advantech routers are produced and shipped with
the latest release of the firmware. The reason for this is usually an
existing certification valid for a specific carrier or a region. For more
information about the latest version of the firmware for your router, see the
Firmware Distribution Overview document. For current and detailed information
about the router configuration, see the latest version of the Configuration
Manual for your router. Product-related documents and applications, including
the firmware, can be obtained on the Engineering Portal at icr.advantech.cz.
Advantech Czech s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
This document was issued on June 17, 2022
General Update Instructions and Notices
HTTPS certificates: The HTTPS certificate format in the router was updated in
FW 5.3.5 to improve security. Existing HTTPS certificates on previously
manufactured routers will not automatically be updated with the firmware
update! It is possible to update the HTTPS certificates by deleting the files
within /etc/certs/https* in the router (e.g. via SSH). The certificates will
be re-created automatically during the router’s next start.
Specific Update Instructions
New filename: If the firmware filename for your router was changed, as listed
in Table 1, you will encounter an issue during the manual or automatic
firmware update. The following warning message will appear: You are trying to
upload file “xx.bin” but “yy.bin” is expected. Are you sure to continue?
To go ahead with the manual firmware update, check the table below for details
about recent firmware filename changes and make sure you have the correct
firmware file for your router. Now, you can confirm the displayed warning
message.
To go ahead with the automatic firmware update, rename the new firmware file
(.bin and .ver) to the filename valid before the filename change. This
should allow the router to pass through the process of automatic firmware
update. Next time, the automatic firmware update feature will work as expected
with no need to rename the file.
Router model | FW ver. | New filename | Original filename |
---|---|---|---|
SmartMotion ST352, SmartMotion ST355 | 6.0.2 | SPECTRE-v3T-LTE.bin | BIVIAS-v3LL.bin |
SmartStart SL302 | 6.0.3 | SPECTRE-v3L-LTE-US.bin | SPECTRE-v3L-LTE-AT.bin |
Updating Firmware Version Earlier than 5.3.0
It is necessary to follow specific update instructions below only if you are
updating from firmware older than 5.3.0.
Due to a bug in the firewall (now fixed) when a WAN device is part of a
bridged interface, caution should be taken when updating in the following
case:
- Condition: When a WAN device is part of a bridged interface, access to that WAN device (HTTPS, SSH) is always granted regardless of configuration.
- Problem: If this is your configuration, it is highly likely that you are not aware of this, so the undesired effect of the bridge firewall fix may make the router inaccessible.
- Recommended Action: Enable access to both the web and SSH services before updating if you want to keep the current behavior (access to the WAN interface). This can be done on the NAT page in the Configuration section of the router’s Web interface.
Change the root’s password
It is necessary to change the password of the root user when updating to the
firmware version 5.3.0 or newer. The reason for this is an update of the
authentication system (encryption algorithm crypt was changed to MD5;
passwords are now stored in the /etc/shadow file instead of /etc/passwd file).
The change of the password is required before setting up the remote access on
the NAT Configuration page.
Please note that when downgrading from 5.3.0+ to an earlier firmware version,
the password of the root user is reset to the default one, which is root.
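A way to confirm the storage change described above on copies of the router's /etc/passwd and /etc/shadow, as an added example that is not Advantech code. The function names and the sample lines are constructed for illustration; the check assumes the post-5.3.0 layout is an "x" placeholder in passwd and an MD5-crypt (`$1$`) hash in shadow.

```python
import re

# Traditional DES crypt output: exactly 13 characters from the crypt alphabet.
DES = re.compile(r"^[./0-9A-Za-z]{13}$")

def scheme(field):
    """Name the storage scheme of one passwd/shadow password field."""
    if field == "":
        return "empty"
    if field == "x":
        return "in-shadow"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5-crypt"
    if field.startswith("$"):
        return "other-modular"
    return "des-crypt" if DES.match(field) else "unknown"

def audit(passwd_text, shadow_text=""):
    """Return {user: finding} for accounts that are not in the new layout."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l)
    findings = {}
    for line in passwd_text.splitlines():
        if not line:
            continue
        user, field = line.split(":")[:2]
        kind = scheme(field)
        if kind == "in-shadow":
            kind = scheme(shadow.get(user, ""))
            if kind not in ("md5-crypt", "locked"):
                findings[user] = "shadow: " + kind
        elif kind != "locked":
            findings[user] = "passwd: " + kind   # hash still in passwd
    return findings

# Constructed sample lines (not real hashes): before and after the update.
OLD_PASSWD = "root:aaQSqAReePlq6:0:0:root:/root:/bin/sh\n"
NEW_PASSWD = "root:x:0:0:root:/root:/bin/sh\n"
NEW_SHADOW = "root:$1$c0nstruc$0123456789abcdefghijkl:19000:0:99999:7:::\n"
```

An empty result from `audit` means every unlocked account has its hash in the shadow file in MD5-crypt form.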
Legend: Affected products are marked as shown below for every changelog item:
IPsec Asymmetric PSK
Asymmetric PSK for IPsec configuration is now supported. It allows establishing an IKEv2 VPN with an asymmetric pre-shared key between two routers. It can be used when establishing the IPsec tunnel to a Cisco router. On an Advantech router, set the IPsec Authenticate Mode to pre-shared key, IKE Protocol to IKEv2, and set up the Pre-shared Key together with the Remote Pre-shared key. For more information, see the IPsec Tunnel application note and Configuration Manual of your router.
New iptables Extension
The u32 match extension is now supported by iptables. This module allows the matching of arbitrary bytes in a packet. Visit the u32 tutorial page for a detailed description of this match extension.
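How a u32 expression selects and compares bytes, shown as an added example (not Advantech or iptables project code): a small Python evaluator written from the match's documented grammar and run over constructed IPv4/ICMP headers. The names `u32_match`, `ipv4_icmp` and `ECHO_REPLY` are hypothetical.

```python
import re
import struct

_OPS = re.compile(r"(&|<<|>>|@)")

def _read32(pkt, pos):
    """Big-endian 32-bit read; None when fewer than 4 bytes are available."""
    if pos < 0 or pos + 4 > len(pkt):
        return None
    return struct.unpack_from(">I", pkt, pos)[0]

def u32_match(expr, pkt):
    """Evaluate a u32 expression on raw bytes that start at the IPv4 header."""
    for test in expr.replace(" ", "").split("&&"):
        location, values = test.split("=")
        parts = _OPS.split(location)          # number, op, number, op, ...
        base = 0
        val = _read32(pkt, int(parts[0], 0))
        for op, num in zip(parts[1::2], parts[2::2]):
            if val is None:                   # read ran past the packet end
                return False
            n = int(num, 0)
            if op == "&":
                val &= n
            elif op == "<<":
                val = (val << n) & 0xFFFFFFFF
            elif op == ">>":
                val >>= n
            else:                             # "@": value becomes the new base
                base += val
                val = _read32(pkt, base + n)
        if val is None:
            return False
        ranges = [r.split(":") for r in values.split(",")]
        if not any(int(r[0], 0) <= val <= int(r[-1], 0) for r in ranges):
            return False                      # every &&-joined test must pass
    return True

def ipv4_icmp(icmp_type, ihl_words=5):
    """Constructed sample: IPv4 header (zero checksum) + 8-byte ICMP header."""
    hdr_len = ihl_words * 4
    ip = struct.pack(">BBHHHBBH4s4s", 0x40 | ihl_words, 0, hdr_len + 8, 1, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip += b"\x01" * (hdr_len - 20)            # NOP options when IHL > 5
    return ip + struct.pack(">BBHHH", icmp_type, 0, 0, 1, 1)

# Protocol check plus "ICMP type 0" located through the IHL field.
ECHO_REPLY = "6&0xFF=1 && 0>>22&0x3C@0>>24=0"
```

The `@` step is what keeps a rule correct when IP options are present: a fixed offset such as `20>>24=0` reads option bytes instead of the ICMP type once the header is longer than 20 bytes.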
Improved DHCP Server Status
The DHCP server status reported in the GUI was redesigned to make it more transparent. The basic information about DHCP leases is now displayed in a table with a few columns.
Fixed Cellular Connection
We have fixed an issue when connecting to an IPv4-only cellular network.
Fixed ICMPv6 Ping over PPPoE
We have fixed sending of ICMPv6 ping over the PPPoE interface. This issue may cause an IPv6 route to be missing in the routing table.
Resolved WiFi Freezing
We have fixed occasional WiFi module freezing during the AP network searching.
Fix for ip Program
We have fixed the VLAN/VRF ID listing by the ip program. This issue caused an incorrect VLAN/VRF ID to be printed by the program.
Fixed WireGuard Report
We have fixed the issue with reporting the WireGuard service status in the report file.
Fixed Node-RED Login
We have fixed an issue with the Node-RED login observed in the firmware version 6.3.5.
Fixed XHCI Issue
We have fixed an xHCI (eXtensible Host Controller Interface) issue that may have caused the router to reboot.
Fixed MAC Resolving
We have resolved a bug in the IPv6 MAC address resolving function that occurred when many addresses were logged.
Updated OpenSSL Library
We have updated the OpenSSL library to version 1.1.1o. This update has fixed CVE-2022-1292 (critical). For more details about changes, see the OpenSSL Changes webpage.
Updated strongSwan Software
We have updated the strongSwan software to version 5.9.6. This update has improved the Denial of Service (DoS) protection. For more details about this release, see the strongSwan 5.9.6 Changelog.
Updated curl Program
We have updated the curl program to version 7.83.1. This update has fixed CVE-2022-27778 (high), CVE-2022-27779 (medium), CVE-2022-27780 (high), CVE-2022-27781 (high), CVE-2022-27782 (high), and CVE-2022-30115 (medium). For more details about this release, see the Curl Changelog webpage.
Updated Net-SNMP Software
We have updated the Net-SNMP software to version 5.9.1. This update has fixed various issues in version 5.8, including an occasional crash when reading values using the SNMP GETBULK command.
Firmware Update – Unexpected Filename
If the filename of the firmware for your router was changed, you could have an
issue during a manual firmware update or with the Automatic Update feature.
This warning message will appear: “You are trying to upload file “xx.bin” but
“yy.bin” is expected. Are you sure to continue?” To fix this issue, follow the
instructions in Part I – Firmware Update Instructions.
Automatic Update – Update to Version 6.1.10
The automatic firmware update feature will not recognize firmware version
6.1.10 as a new version if the installed firmware version is from 6.1.0 to
6.1.8. To fix this issue, either update the firmware by the automatic update
to version 6.1.9 first or update it manually directly to version 6.1.10.
WiFi Configuration – Lost After Firmware Downgrade
If the firmware is downgraded to a version earlier than 6.2.0, the WiFi
configuration will be lost completely.
ICR-3200 – Country Code for WiFi
The first version of the firmware for the WiFi module does not support the
country code setting. Due to this issue, the country code setting made on the
configuration page has no effect at all. The country code is set up during the
manufacturing process according to the product destination region.
SmartStart – Cellular Network Registration
It is necessary to use the router’s firmware version 6.1.5 or higher if the
Telit cellular module installed in your SmartStart router has the following
version of the firmware:
References
- Advantech 4G, 5G Cellular Routers & Gateways for IoT applications - Engineering Portal
- IPTables U32 Match Tutorial
- curl - Changes
- Release strongSwan 5.9.6 · strongswan/strongswan · GitHub
- Application Notes - Cellular Routers Engineering Portal
- Firmware - Cellular Routers Engineering Portal
- Router Models - Cellular Routers Engineering Portal
- NVD - CVE-2022-1292
- openssl.org/news/cl111.txt