Technical Bulletin: Firmware Version b628-265 Release Date: August 17, 2024 Product Line: B628 Series Network Switches (Managed Gigabit PoE+ Models) Firmware Classification: General Availability (GA) – Security & Stability Update 1. Overview Firmware version b628-265 is a recommended update for all B628 series switches (B628-24P, B628-48T, and B628-8X). This release addresses three critical security vulnerabilities identified in the previous firmware branch (b628-251 through b628-260), enhances VLAN routing stability, and introduces improved logging for link aggregation control protocol (LACP) events. Installation of b628-265 is strongly recommended for all production environments. 2. Key Changes & Improvements Security Fixes (CVSS Scores)
CVE-2024-38112 (CVSS 7.5): Hard-coded cryptographic key removed from the web management interface. Previously, an attacker with network access could decrypt session tokens. CVE-2024-38113 (CVSS 6.8): Fixed a buffer overflow in the SNMPv3 authentication module. This resolves a potential denial-of-service (DoS) vector. CVE-2024-32377 (CVSS 5.4): Patched an XSS vulnerability in the DHCP snooping table viewer.
Networking & Performance
VLAN Routing: Resolved an issue where inter-VLAN routing would intermittently fail on ports 17–24 on B628-24P models after 45+ days of uptime. LACP Stability: Added detailed logging for LACP timeouts and partner state changes. Reduces false “link flapping” alerts on bonded 10GbE uplinks. PoE Management: Improved power budget calculation when mixing 802.3af (PoE) and 802.3at (PoE+) devices. Peak inefficiency reduced by ~8%. b628-265 firmware
Management & Monitoring
Updated web UI certificate to SHA-256 (no longer uses self-signed SHA-1). Added support for sending syslogs over TLS (TCP port 6514). CLI command show firmware history now displays previous three rollback versions.
3. Upgrade Path & Compatibility | From Version | Upgrade Method | Downgrade Support | |-------------------------------|----------------------------------|--------------------------------| | b628-260 or newer | Web, TFTP, or USB | Yes – to b628-251 or later | | b628-251 through b628-259 | TFTP or USB only (no web) | Yes – to b628-250 | | b628-250 or older | Two-step upgrade: first to b628-251, then to b628-265 | No – older bootloader change | Important: If you are on firmware earlier than b628-251, you must first upgrade to the intermediate version b628-251 (available on the support portal) due to a flash partition layout change introduced in February 2024. 4. Installation Instructions (Web Method – for b628-260+) Installation of b628-265 is strongly recommended for all
Prerequisite: Backup your current configuration ( config.txt ). The device will reboot once.
Download b628-265.bin from your regional support portal. Log in to the switch’s web interface (default: 192.168.1.254 ). Navigate to: Maintenance → Firmware Upgrade . Click Choose File , select the .bin file, then click Upgrade . Wait for the status bar to reach 100% (do not power cycle). After the switch reboots (approx. 3 minutes), log in and verify the version:
Web: System Info → Firmware Version CLI: show version | include b628 Previously, an attacker with network access could decrypt
Post-upgrade: Clear your browser cache. The web UI will load with the updated theme.
5. Known Issues in b628-265