Meraki

cmr · ‎Jun 3 2021

Important note

When configured for this version, the MR12, MR16, MR18, MR24, MR26, MR32, MR34, MR62, MR66, and MR72 will run MR 26.8.2 which explicitly includes the pertinent security fixes noted below.

Security fixes

CVE-2020-11022 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022 (MR12/MR16/MR18/MR24/MR26/MR32/MR34/MR62/MR66/MR72)
CVE-2020-11023 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023 (MR12/MR16/MR18/MR24/MR26/MR32/MR34/MR62/MR66/MR72)
CVE-2020-24588 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-24587 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-24586 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26145 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26144 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26140 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26143 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26139 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26146 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26147 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26142 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-26143 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
CVE-2020-25684 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mr... (Wi-Fi 5 MRs, Wi-Fi 6 MRs, MR12/MR16/MR18/MR24/MR26/MR32/MR34/MR62/MR66/MR72)
CVE-2020-25685 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mr... (Wi-Fi 5 MRs, Wi-Fi 6 MRs, MR12/MR16/MR18/MR24/MR26/MR32/MR34/MR62/MR66/MR72)
CVE-2020-25686 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mr... (Wi-Fi 5 MRs, Wi-Fi 6 MRs, MR12/MR16/MR18/MR24/MR26/MR32/MR34/MR62/MR66/MR72)

Bug fixes

General stability improvements
Scanning radio may become stuck on a single frequency in some regulatory domains (Wi-Fi 5 MRs)
MR may not forward buffered frames upon receipt of CTS from STA if the CTS did not follow the preceding RTS within a given time window (Wi-Fi 6 MRs)
MR does not automatically detect Smart Antennas (MR42E)
MR may experience frequent Ethernet carrier changes (MR36)
MR was not applying the appropriate QoS DSCP tags to some egress packets (Wi-Fi 6 MRs)
MR was generating SNMP ifOutErrors under normal 802.11 traffic scenarios (Wi-Fi 5 MRs/Wi-Fi 6 MRs)

Known issues

Sporadic packet loss & instability on Layer 3 roaming & Teleworker VPN SSID's (Wi-Fi 5 MRs/Wi-Fi 6 MRs)
UNII-2e channels not available for indoor APs in Israel IL regulatory domain (Wi-Fi 5 MRs/Wi-Fi 6 MRs)

If my answer solves your problem please click Accept as Solution so others can benefit from it.

jrhop · ‎Jun 14 2021

Thanks @WB, I have deployed to ~100 APs now and no issues reported.

View solution in original post

JohnD · ‎Jun 5 2021

Looks great! So it’s the FragAttacks fixes plus the other bugfixes mentioned in 28.1, without being on a beta.

jrhop · ‎Jun 9 2021

Anyone applied this yet? Looks to fix some pretty serious vulnerabilities!

CptnCrnch · ‎Jun 9 2021

Interesting: I'm completely unable to find anything newer than 28.1

jrhop · ‎Jun 9 2021

Under stable RC for me

cmr · ‎Jun 9 2021

I've been applying 28.1, but WiFi5 wave1 APs only update to 26.8.1 for that version, even thought both 28.1 and 27.7 include the security updates...

If my answer solves your problem please click Accept as Solution so others can benefit from it.

WB · ‎Jun 14 2021

I've got it applied on my MR33 home setup with no problems experienced but that's a very small sample size!

Got a bunch of MR45 & 46's I'll be throwing this out to in a few weeks time

jrhop · ‎Jun 14 2021

Thanks @WB, I have deployed to ~100 APs now and no issues reported.

JohnD · ‎Jun 24 2021

Wi-Fi 6 MRs might exhibit unexpected reboots (Wi-Fi 6 MRs)

FYI there is a 27.7.1 now, fixing the above issue. I hit this pretty badly on my MR46 and MR56, where once or twice a day, both would reboot at the exact same time.

WB · ‎Jun 24 2021

Ye I went to push this to some MR46s this time last week, luckily decided to do a once over of the release notes and saw the emergency notice about the reboots so bailed out!

Glad a fix got pushed out relatively quickly but a bit disappointed something like that wouldn't be caught in QA to be honest given it's the release candidate not beta

NolanHerring · ‎Jun 25 2021

28.2

Known Issues

MR reboots every 15-20 minutes when connection to Meraki Dashboard is unavailable (Wi-Fi 6 MRs)

Yikes

Nolan Herring | nolanwifi.com

Meraki

Community

New MR27.7 and MR26.8.2 Release Candidate firmware, multiple bug and security fixes

New MR27.7 and MR26.8.2 Release Candidate firmware, multiple bug and security fixes

New MR27.7 and MR26.8.2 Release Candidate firmware, multiple bug and security fixes

New MR27.7 and MR26.8.2 Release Candidate firmware, multiple bug and security fixes

Wireless firmware versions MR 27.7 changelog

Important note

Security fixes

Bug fixes

Known issues