I’m preparing a TRB500 for my parents and have updated the device firmware to latest but the modem can only be updated locally from what I can interpret looking at the WebUI. It is currectly at RG501QEUAAR12A09M4G_04.200.00.000
I’m reading up on your security advisories for “5Ghoul” affecting RUTX50, RUTM50, RUTC50, TRM500, where you state that RG501QEUAAR12A11M4G_04.200.04.200 fixes the problem. I noted that TRB500 is absent from this list:
Then I read in another post you gave a user the seemingly exact same firmware version (RG501QEUAAR12A11M4G_04.200.04.200):
Two questions:
Is the TRB500 also affected by the 5G vulnerabilities since it apparently shares the same firmware version number with the modem for the affected 5G products?
Could you please send me the latest stable modem firmware (with security fixes) that you have, along with a checksum? You disable FOTA updates for the modem but you don’t post them on the download page and there’s no hint on that page on how to get them. What’s up with that?
To address your first question, the “5Ghoul” vulnerabilities have indeed been remediated for the RUTX50, RUTM50, RUTC50, and TRM500 devices specifically. The TRB500 is not included in this list, so there is no cause for concern in your case, as the TRB500 uses a different RG501 modem than those affected devices.
As for your second question, if your TRB500 modem is functioning properly without any issues, there’s no need to upgrade to the latest firmware version. Our recommendation is to only upgrade if you are experiencing specific problems that may be resolved by an update.
If you have further questions or need additional assistance, please don’t hesitate to reach out.
I have yet to connect the device to a mobile network but before I hand over the device to my folks I would like it to perform the best it can. Looking at threads like these where your support staff is qouted saying that A08 is suboptimal makes me want to try the A10:
In your case, I’d recommend first connecting your device to mobile internet and checking if it operates smoothly without any interruptions. Your current modem firmware version, RG501QEUAAR12A09M4G_04.200.00.000, has not had any known issues, so if it functions well with the current release, it’s generally best to leave it as is.
If you have any further questions or need assistance, please feel free to reach out.
Will the modem FOTA option be enabled once the device is online or is it some kind of an advanced option? If so, could you please tweak the tooltip text and the manual to make it more clear what applies in the different setup phases? I don’t have a physical sim card to test with right now so that is why I’m nagging you about the modem firmware.
Even though you don’t have official release notes/errata from Quectel, the norm is that even for (or should I say especially for) these kind of firmwares, security patches are released silently before the vulnerabilities have a CVE assigned to them to not draw attention. It’s not just about stability. Before you take a system online you make sure it is fully patched.
I know there are two more versions, 10 and 11, as well and am currently looking at the Quectel release notes for those and would like to ask you to add them to this list if possible. If there are any technical or legal concerns that make this impossible, then please contact me in private so that I can move forward.
On a side note, it would be nice if you updated the documentation for Package manager/opkg (for all relevant devices) that it is only available for the root user. If logged in as admin and try anything opkg related you are met with the following error:
admin@TRB500:~$ opkg update
Collected errors:
* opkg_conf_load: Could not create lock file /var/lock/opkg.lock: Permission denied.
One more thing, Quectel lists eight variants included in the RG50xQ series but their online specification is only mentioning one version of RG501Q-EU:
and Quectel only seemed to have a single firmware update package for this variant when I reached out to them.
Am I missing something here since you wrote that RUTX50 and TRB500 are using different versions of RG501, but all documentation I’ve seen so far points to them having the same modem, the RG501Q-EU
I am willing to perform the modem upgrade manually and will take full responsibility for the result if you would let me have the necessary files.
Thank you for clarifying. My apologies for the misunderstanding – in my previous message, I was comparing the modems and firmware between the RUTX50 and TRM500. You are correct: the RUTX50 and TRB500 do indeed use the same modem, the RG501Q-EU.
Regarding your request to update your TRB500 modem firmware to version A11, I’ve sent you a form to complete, for the ticket ID use “10373”. Once we receive the submitted form, we will contact you privately with further guidelines for the modem update procedure.
Thanks for the support, this solves the problem for now but not future upgrades. Do I need to go through this route again for the next firmware revision or is there a plan to make this hurdle easier? I guess your legal department is making it hard for you to redistribute the firmware so if you could find a workaround for this device if its resource starved, maybe using DFOTA (Delta Firmware Upgrade Over the Air), then you would save a lot of time on people like me
Last thing though, are you sure TRB500 should not be on the list of vulnerable devices? In my eyes, having the same modem+firmware implies that they are affected by the same vulnerabilites. Someone has edited the original post on your site and removed the TRB500 but it is still cached by Google:
Your web site is alright, it’s just me that got super confused by the security center page. In the first post from January you actually state that TRB500 is vulnerable because it has the RG501Q-EU (Snapdragon x55) modem but then in the second post from August you leave it out. No remedies for the TRB500 device. I’m patched now so I guess I’m alright but what about the other customers?
I am also interested where I could get newer than A08 version which modem_updater offers.
If opkg/modem_update does not offer updates, how should the customer know that there is new version and then beg it through ticket? Just asking… And yes, I’ve been fighting with the modem for the whole day.
To proceed, please complete the form I have sent you. When filling it out, kindly reference the ticket ID “10373-2” Once submitted, we will contact you privately with the latest modem firmware details.
The built-in FOTA modem updater is disabled and there are no other modem firmware versions available online other than these two:
RG501QEUAAR12A08M4G_04.001.04.001 (vulnerable)
RG501QEUAAR12A07M4G_04.001.04.001 (vulnerable)
According to Teltonika’s own security center, and based on the common hardware config among devices, the latest known non-vulnerable modem version is:
RG501QEUAAR12A11M4G_04.200.04.200 (safe)
The only way to get this updated firmware though is through private channels, e.g. by contacting Teltonika through this forum (you need to to this in a separate thread since this one closes today). I haven’t seen any official update yet but it is safe to say that they are aware of the problem and are working on it. Maybe one of their representatives can leave a comment here for us to feel more comfortable, an ETA would be even better.
@Teltonika: Thanks for the support so far, if you are looking for beta testers I’m definitely interested in joining in (you know where to find me).
What is the reason for the “we will contact your privately” stuff? Why can’t you just put the fixed modem firmware on your WiKi like it was done with an earlier release?
I understand that updating the firmware has to be done carefully and there is a risk of bricking the device, but I do not see how sending it privately would make that any better than just putting the firmware and directions on how to update it on the WiKi as has been done with the older version…
Simply by looking at the supply chain you can get some regular vulnerability reports for the modem:
TRB500 ->-> RG501Q-EU ->-> Snapdragon X55 5G Modem
Qualcomm publishes monthly public security bulletins, so by looking out for info on the X55 in combination with “remote” attack vector you can stay relatively on top of the modem vulnerabilities in this product. You really shouldn’t have to do this but it can give a fuller picture. Here’s the Dec 2023 Qualcomm security bulletin listing the three vulnerabilities affecting the X55 system present in the TRB500: https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html
Chip manufacturer that does not want code updates for their chip to be published? That sounds very 1990…
At least Teltonika could provide a URL for the file download in the device itself (on the update page) so it would be available to all users of the device who want it to be uptodate.
It is only fortunate that most of these issues require a targeted attack using a fake base station, something I am not that worried about.