ADVANTECH ICR-3231 Industrial EMEA IoT Router User Manual
- June 6, 2024
- Advantech
Table of Contents
ADVANTECH ICR-3231 Industrial EMEA IoT Router User Manual
Abstract
This document describes:
- Firmware update instructions.
- Description of all new features, fixes and other changes implemented in the firmware.
- Known issues related to a firmware version.
Firmware Details
- Firmware version: 6.3.1
- Release date: July 21, 2021
- Hardware compatibility: applicable to the Advantech routers
Please note that not all new Advantech routers are produced and shipped with
the latest release
of the firmware. The reason for this is usually an existing certification
valid for a specific
carrier or a region. For more information about the latest version of the
firmware for your router, see the Firmware Distribution Overview document.
For current and detailed information about the router configuration see the
latest version of the
Configuration Manual for your router. Product related documents and
applications including the firmware can be obtained on Engineering Portal at
icr.advantech.cz address.
Advantech Czech s.r.o., Sokolska 71, 562 04 Usti nad Orlici, Czech Republic
This document was issued on July 22, 2021
Part I: Firmware Update Instructions
General Update Instructions and Notices
HTTPS certificates: The HTTPS certificate format in the router was updated in
FW 5.3.5 to improve the security. Existing HTTPS certificates on previously
manufactured routers will not automatically be updated with the firmware
update! It is possible to update the HTTPS certificates by deleting the files
within /etc/certs/https* in the router (e.g. via SSH). The certificates will
be re-created automatically during the router’s next start.
Specific Update Instructions
New filename: If the filename of firmware for your router was changed, you will meet with an issue during manual firmware updating or with automatic firmware update feature. This warning message will appear during the firmware updating process: “You are trying to upload file “xx.bin” but “yy.bin” is expected. Are you sure to continue?”
To proceed with the firmware updating please follow these steps: Check the
table below for details about recent firmware filename changes and make sure
you have the correct firmware file for your router. Go ahead with manual
firmware updating and confirm the displayed warning
message.
To proceed with automatic firmware updating, rename new firmware files (.bin and .ver) to filenames valid before the filename change. This should allow the router to pass through the process of automatic firmware updating. Next time, the automatic firmware update feature will work as expected with no need to rename the file.
Table 1: Recent Firmware Filename Changes
Updating Firmware of Version Less than 5.3.0
It is necessary to follow specific update instructions below only if you are updating from firmware older than 5.3.0.
Due to a bug in the firewall (now fixed) when aWAN device is part of a bridged interface, caution should be taken when updating in following case:
- Condition: When a WAN device is part of a bridged interface, access to that WAN device (HTTPS, SSH) is always granted regardless of configuration.
- Problem: If this is your configuration, it is highly likely that you are not aware of this, so the undesired effect of the bridge firewall fix may render the router inaccessible.
- Recommended Action: Enable access to both the web and ssh services before updating if you want to retain the current behavior (access to the WAN interface). This can be done on the NAT page in the Configuration section of the router’s Web interface.
Change the root’s password:
It is necessary to change the password for the root user when updating to the
firmware version
5.3.0 or newer. The reason for this is an update of the authentication system
(encryption algorithm crypt was changed to MD5; passwords are now stored in
the /etc/shadow file instead of /etc/passwd). The change of the password is
required before setting up the remote access on the NAT Configuration page.
Please note that when downgrading from 5.3.0+ to previous firmware versions, the password for the root user is reset to the default one, which is root.
Part II: Changelog
Legend: Affected products are marked as shown below
for every changelog item:
Affected product: Not affected product
SMS Configuration Enhancement
There is a new BIN1 – SMS option in the SMS configuration page. The SMS message text, to be sent when the second binary input is activated, can be configured here.
PPTP Configuration Enhancement
There are two new options in the PPTP configuration page available to configure the MTU (Maximum Transmission Unit) and the MRU (Maximum Receive Unit) parameters. The default value for both options is 1460 bytes to avoid sending fragmented packets.
L2TP Configuration Enhancement
There are two new options in the L2TP configuration page available to
configure the MTU
(Maximum Transmission Unit) and the MRU (Maximum Receive Unit) parameters. The
default
value for both options is 1400 bytes, the same as used so far.
Firewall Rules Increased
The total amount of the firewall rules, that can be configured on the Firewall configuration page, was increased from eight to sixteen rules for both, the incoming and forwarded packets.
Fixed IPsec Issue
We have fixed the IPsec SA checking for when multiple tunnels with the same
IDs and different
local or remote subnets are established. This issue was introduced in the
firmware 6.3.0.
Fixed WiFi Statistics
We have made a fix for the WiFi statistics, which may be not displayed in some cases. This issue was introduced in the firmware 6.3.0.
Fixed Linux Kernel Vulnerabilities
This update has fixed CVE-2020-24586 (low), CVE-2020-24587 (low),
CVE-2020-24588 (low),
CVE-2020-26139 (medium), CVE-2020-26147 (medium), CVE-2020-26558 (medium),
CVE-
2020-36386 (high) in the Linux kernel.
WiFi Firmware and Driver Update
We have updated the firmware of the Laird SU60 WiFi module to version 5.5.38.5. Moreover, the module driver was updated to the version 8.5.0.7.
WiFi Firmware Update
We have updated the firmware of the Texas Instrument WL1807 WiFi module to
version
8.9.0.0.86.
Updated dhcp-isc Software
We have updated the dhcp-isc program to version 4.1-ESV-R16-P1. This update
has fixed
CVE-2021-25217 (high). For more details about this release, see the webpage at
https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/dhcp-4.1-ESV-R16-P1-RELNOTES
Updated curl Program
We have updated the curl program to version 7.78.0. This update has fixed
CVE-2021-
22897 (medium), CVE-2021-22898 (low), CVE-2021-22901 (high), CVE-2021-22922,
CVE-
2021-22923, CVE-2021-22924, CVE-2021-22925 and CVE-2021-22926. For more
details
about this curl release, see https://curl.haxx.se/changes.html#7_78_0
Updated strongSwan Software
We have updated the strongSwan software to version 5.9.3. For more details
about this release,
see the webpage at https://github.com/strongswan/strongswan/releases/tag/5.
9.3
Part III: Known Issues
Firmware Update – Unexpected Filename
If the filename of firmware for your router was changed, you could have an
issue during manual
firmware updating or with Automatic Update feature. This warning message will
appear: “You are trying to upload file “xx.bin” but “yy.bin” is expected. Are
you sure to continue?” To fix this issue follow instructions in Part I –
Firmware Update Instructions.
Automatic Update – Update to Version 6.1.10
The feature of automatic firmware update will not recognize the firmware
version 6.1.10 as
a new version in case the installed version of firmware is from 6.1.0 to
6.1.8. To fix this issue,
either update the firmware by the automatic update to version 6.1.9 first or
update it manually
directly to the version 6.1.10.
WiFi Configuration – Lost After Firmware Downgrade
If the firmware is downgraded to the version less than 6.2.0, the WiFi
configuration will be lost
completely.
ICR-3200 – Country Code for WiFi
The first version of the firmware for the WiFi module does not support the
settings of the country code. Due to this issue, the settings of the country
code made on the configuration page
has no effect at all. The country code is set up during the manufacturing
process according to the product destination region.
SmartStart – Cellular Network Registration
It is necessary to use router’s firmware version 6.1.5 or higher if the Telit
cellular module
installed in your SmartStart router has following version of the firmware:
- Telit LE910-EU V2 cellular module with firmware version 20.00.403 or newer,
- Telit LE910-NA1 cellular module with firmware version 20.00.014 or newer.
Note: The model name and firmware version of the cellular module can be
found on router’s
web GUI at Mobile WAN Status page in Mobile Network Information section.
SmartStart SL302 – Cellular Network Authentication
It is not possible to use username and password when connecting to Mobile WAN
network (on
Mobile WAN Configuration page) if your SmartStart SL302 router has the
20.00.522 firmware version inside the Telit LE910-NA1 cellular module. The
version of cellular module firmware can be found at Mobile WAN Status page in
Mobile Network Information section.
SmartStart SL302 – SMS in Verizon Network
SmartStart SL302 router (equipped with the Telit modules LE910-SV1 or
LE910-NA1) supports
sending and receiving of SMS in Verizon cellular network since the firmware
version 6.1.4. Please note that to support SMS receiving, cellular module with
Verizon firmware version
higher than 20.00.012 is required.
Read More About This Manual & Download PDF: