Deco X50-PoE v1 firmware?
I bought a set of 3 Deco X50-PoE v1 2 years ago, since then there have been 3 firmware updates in a period of 6 months, the last one is from january last year, since then nothing while the v2 is still getting updates and extra functionality. Has development on the v1 hardware stopped and will there be no more firmware updates?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi, welcome to the community.
The security updates could still be guaranteed. As for the firmware with new features, there hasn't been further news for now.
Do you wish any specific features can be added as soon as possible?
Thank you very much and best regards.
- Copy Link
- Report Inappropriate Content
The features that become available for V2 would be nice, it seems that the v2 has a better processor does this mean that the v1 processor can't handle the new features that become available for the V2?
- Copy Link
- Report Inappropriate Content
This situation is absolutely unacceptable for a device purchased so recently. The X50-PoE V1 being stuck at firmware 1.2.5 from January 2024 leaves us exposed to CVE-2024-21833, a critical security vulnerability with a CVSS score of 8.8.
This vulnerability allows any network-adjacent unauthenticated attacker to execute arbitrary OS commands on our routers - meaning anyone who gains access to our network (whether through WiFi, guest access, or physical connection) can completely compromise our devices without needing any login credentials. This is a critical security flaw that TP-Link has already patched in other devices.
Meanwhile, the regular Deco X50 V1.2 received firmware 1.4.5 in September 2024 with WireGuard VPN support and security fixes. The fact that TP-Link continues to develop firmware for nearly identical hardware while abandoning the PoE variant is inexcusable.
We're being forced into an impossible choice:
-
Continue using devices with known critical security vulnerabilities
-
Purchase replacement hardware we shouldn't need for devices that are barely over a year old
This feels like planned obsolescence disguised as "hardware differences." The X50-PoE V1 cost significantly more than the regular X50 due to the PoE functionality, yet we're getting inferior long-term support and are now exposed to serious security risks.
I'm running multiple Deco networks across different locations, and this particular affected network alone has 7 X50-PoE units as shown in my system status. When you consider the premium cost of PoE-enabled units, plus the additional investment in managed switches, PoE injectors, and professional-grade backhaul infrastructure to support this deployment, we're talking about thousands of dollars in network infrastructure that's now essentially compromised due to TP-Link's abandonment of firmware support.
TP-Link needs to either:
-
Provide security updates for the X50-PoE V1 to address CVE-2024-21833
-
Offer a hardware exchange program for affected customers
-
Clearly communicate end-of-life policies BEFORE customers purchase
Leaving customers with vulnerable network infrastructure is not just poor customer service - it's a security liability. This experience will definitely influence my future networking equipment decisions and recommendations to others.
How exactly does TP-Link plan to resolve this critical security vulnerability for X50-PoE V1 customers, and when can we expect a concrete timeline for either firmware updates or hardware replacement options?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 2
Views: 412
Replies: 3
Voters 1
