This Article Applies To:

 

CPE710 (UN) V2

CPE210 (UN) V3.20

CPE220 (UN) V3

 

Release Notes:

New Feature/ Enhancement:

1. Supports TLS1.2 and above encryption, after enabling the SMTP function.

2. Hide the jquery version number to prevent malicious attackers from collecting excessive information and launching attacks using known CVes.

3. Remove the 10 entries of NIST.SP.800-52 that are not satisfied in the Cipher Suites supported at the time of TLS connection establishment, when the DUT initiates a firmware update.

4. Fix the insecurity issue of HTTP header response: Cookie(s) 1 issued: NOT secure, does not support Strict Transport Security.

5. TLS support forward secrecy.

6. Fix POODLE, SSL(CVE-2014-3566), SWEET32(CVE-2016-2183, CVE-2016 6329), BEAST(CVE-2011-3389), and RC4(CVE-2013-2566、CVE-2015-2808) vulnerability existing in TLS Connection.

7. Upgrades the SSL certificate signing algorithm from SHA1 to SHA256.

8. Supports SSLv3, TLS1.0 and TLS1.1.

9. Remove TLS cipher suite disables weak encryption algorithms: Triple DES Ciphers/IDEA, LOW: 64-bit + DES, RC[2,4], MD5.

10. Add the subjectAltName (SAN) extension field to TLS/SSL certificates.

11. Supports more modern encryption algorithms such as AEAD (Forward Secrecy strong encryption) in TLS transmission.

12. Optimizes the get/set community of SNMP by using a strong password policy.

13. Optimizes the default encryption method of SSID to WPA2, during the initialization configuration process of DUT after reset.

14. Optimizes the default encryption method of SSID to WPA2 When creating an SSID with Multi-SSID.

15. Remove the default password, during the initialization configuration process of DUT after reset.

16. Optimize the strong password policy for the current login password.

17. Disable the following SSH insecure encryption algorithms: diffie-hellman group14-sha1,kexguess2@matt.ucc.asn.au,ssh-dss,,aes128-cbc,aes256 cbc,3des-cbc,hmac-sha1-96,hmac-sha1,hmac-md5.

18. Added a mechanism to prevent brute-force cracking for the SSH login of DUT.

19. Add a signature encryption of RSA-2+RSA2048 for the dut firmware.

20. Prohibit the installation and upgrade of historical versions of firmware with vulnerabilities.

21. Add a support switch. Once enabled, it allows support for lower versions of TLS as well as older encryption suites.

22. Hide the version information of SSH and HTTPD services to prevent cve attacks.

23. Optimize and address the vulnerabilities discovered by Nessus scans.

24. Modify the INPUT chain of iptables rules to prevent the WAN side from ping packets to enhance security, and remove the rules for ports 5001 and 6001 in Router mode.

25. Modify the VPN Passthrough protocol function and UPnP function to turned off by default.

26. Disable the insecure cipher suite in TLS1.2 and TLS1.3.

27. Disable the SSH algorithm of the unsafe algorithm used by the Pharos Controller adoption device.

28. Add an anti-burst mechanism,during the Pharos Controller adopts the devices.

29. Close the TDDP process in user mode.

30. Support the function of disabling serial port input.

31. Prevent access to the login page via urls such as index.htmlk, index.html.nl, index.htmlk-nl, and index.html.lu.utf8.

32. Modify the anti-brute-force crack limit for web login to 30 times.

33. Update the log when the privacy assets of the device change.

34. Add the encryption function for importing and exporting configuration files.

35. Add a function of modifying the account and password , after the device is reset and adopted by Pharos Control.

36. Update the password strength and prompt for web login.

37. Add New Privacy Policy description: For the first login to the device after reset or the first login to the web after reset is managed by control.

38. Disable insecure encryption suites in accordance with the SOGIS standard.

39. Fixed a bug: Switch the Mode through the Operation Mode drop-down box. After generating the unencrypted SSID by default, try to modify it to the WPA2 encryption method. The original password is remembered, the password is cleared, and the user reconfigs.

40. Add a prompting of the length of password is 8 to 63 characters,and it will be truncated when setting the password for the SSID.

41. Optimize the password verification strength of Auto Mail Settings to four combinations: uppercase letters, lowercase letters, numbers, and special characters.

42. Add a promption indicating that this ssid should not be deleted, after opening multi ssid and only one ssid remains.

43. For CPE710: Remove the TKIP encryption; For CPE210: Remove the WEP encryption method and TKIP encryption.

 

Beta Firmware Download

 

Attention

 Please be sure you have read the Beta Test Agreement before upgrading the Beta firmware!

 

 

PharosControl 2.0.8.0731.1447 (Pre-release Version)

 

PharosControl 2.0.8.0716.1405 (Pre-release Version)

CPE710(UN) 2.0 1-0-P1[20250718-rel65021] (Pre-release Version)

CPE210(UN) 3.20 3-0-P1[20250718-rel64582] (Pre-release Version)

CPE220(UN)_3.0-2-3-0-P1[20250724-rel62806] (Pre-release Version)

 

Notes:

Your device’s configuration won’t be lost after upgrading.

 

 

Update Log

 

4th Aug, 2025

 

Update the Pharos Control to the following version:

 

PharosControl 2.0.8.0731.1447 (Pre-release Version)

 

 

25th Jul, 2025

 

Provide the pre-release link for CPE220.

 

 

22th Jul, 2025

 

Provide the pre-release link:

 

PharosControl 2.0.8.0716.1405 (Pre-release Version)

CPE710(UN) 2.0 1-0-P1[20250718-rel65021] (Pre-release Version)

CPE210(UN) 3.20 3-0-P1[20250718-rel64582] (Pre-release Version)

 

 

 

Feedback

 

Any further feedback on the new firmware, please feel free to comment below or start a new thread from HERE.

To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.

 

When reporting an issue, especially it's about firmware upgrade, it's suggested to include the following info:

• Management mode (Controller or Standalone)
• Device Model(s) and Hardware
• Device Firmware (previous and current)

 

Thank you in advance for your great cooperation and support.

 

Recommended Threads

 

CPE610 V2 | CPE605 V1 | CPE510 V3.20 Pre-release (Released on 28th Jul, 2025)

Experience the Latest Omada EAP Firmware - Trial Available Here, Subscribe for Updates!

Current Available Solutions to Omada EAP Related Issues [Constantly Updated]