FIRMWARE RELEASE NOTE ====================== Products affected: AXIS P3343/44 Network Camera Release date: 2021-11-23 Release type: Production Firmware version: 5.51.7.6 Preceding release: 5.51.7.5 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 5.51.7.6 since 5.51.7.5 ======================================= 5.51.7.6:C01 Corrected an issue in ftptest.cgi and smtptest.cgi that caused "502 Bad Gateway" error response. This was introduced in the 5.51.7.5 release. Corrections in 5.51.7.5 since 5.51.7.4 ======================================= 5.51.7.5:C01 Corrected CVE-2021-31987. 5.51.7.5:C02 Updated OpenSSL to version 1.1.1l to increase overall minimum cybersecurity level. 5.51.7.5:C03 Added an option to Disable or Enable TLSv1.0 or TLSv1.1 using param.cgi. [IPAddress]/axis-cgi/admin/param.cgi?action=update&root.HTTPS.AllowTLS1=no and [IPAddress]/axis-cgi/admin/param.cgi?action=update&root.HTTPS.AllowTLS11=no 5.51.7.5:C04 Corrected CVE-2021-31988. Corrections in 5.51.7.4 since 5.51.7.3 ======================================= 5.51.7.4:C01 Updated OpenSSL to version 1.1.1k to fix CVE-2021-3449 and CVE-2021-3450. 5.51.7.4:C02 Updated pwdgrp.cgi to be RFC compliant to work seamlessly with Home Assistant Systems. Corrections in 5.51.7.3 since 5.51.7.2 ======================================= 5.51.7.3:C01 Corrected a stability issue that occurred when X-Frame-Options is enabled. Corrections in 5.51.7.2 since 5.51.7 ===================================== 5.51.7.2:C01 Corrected a newline character in pwdgrp.cgi, introduced in 5.51.6, that could cause problems when parsing the response. 5.51.7.2:C02 Corrected an issue that prevented Action Rule Events from sending images via email. 5.51.7.2:C03 Corrected an issue that caused monolith to timeout and respawn during too many connect/disconnect RTSP streaming requests. 5.51.7.2:C04 Added support to enable/disable X-Frame-Options headers in the plainconfig. By default, X-Frame-Options is enabled and its value is set to "sameorigin". Corrections in 5.51.7 since 5.51.6.2 ===================================== 5.51.7:C01 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 5.51.7:C02 Updated the wpa-supplicant to version 2.9 to increase the overall cybersecurity level. The following cybersecurity vulnerabilities are fixed: CVE-2019-13377 CVE-2019-16275. 5.51.7:C03 Updated OpenSSL to 1.1.1d to increase the overall cybersecurity level. 5.51.7:C04 Added support for TLSv1.2. 5.51.7:C05 Updated the client-side URL transfer library (libcurl) to version 7.53.1 to increase the overall cybersecurity level. Corrections in 5.51.6.2 since 5.51.6.1 ======================================= 5.51.6.2:C01 Corrected an issue that caused admin users other than root not to be allowed to change user account passwords. 5.51.6.2:C02 Added ProxyDispatcherOnly option to the O3C/AVHS client that can control proxy configurations of dispatcher services. 5.51.6.2:C03 Corrected an issue that caused camera to drop network connection when using 5.51.6.1 firmware. 5.51.6.2:C04 Added support for NAS over 2TB. Corrections in 5.51.6.1 since 5.51.6 ===================================== 5.51.6.1:C01 Added “X-Frame-Options: sameorigin” to the HTTP Response Headers in order to increase overall minimum cybersecurity level 5.51.6.1:C02 Updated Turkey (Istanbul) timezone to GMT +3. 5.51.6.1:C03 Improved robustness of the O3C client. Corrections in 5.51.6 since 5.51.5.2 ===================================== 5.51.6:C01 Improved robustness of the O3C client. 5.51.6:C02 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. Corrections in 5.51.5.2 since 5.51.5.1 ======================================= 5.51.5.2:C01 Corrected an issue that caused event notifications not been triggered on storage disruption. 5.51.5.2:C02 Improved re-connection behavior to AVHS server. The time between failed connection attempts will now gradually increase until a hard limit is reached. 5.51.5.2:C03 A user with administrator rights can now upload PTZ drivers for those cameras supporting this feature. Note that a factory default will be required to remove the old permissions sets from the firmware. 5.51.5.2:C04 Corrected an issue that caused an overload of the CPU after enabling IP adress filtering. 5.51.5.2:C05 Corrected common vulnerabilities in the Linux kernel to increase overall minimum cyber security level. CVE-2010-2960, CVE-2010-4175. 5.51.5.2:C06 Patched security vulernability CVE-2018-14526 in WPA supplicant to increase overall minimum cyber security level. Corrections in 5.51.5.1 since 5.51.5 ==================================== 5.51.5.1:C01 Corrected an issue that caused the action engine to respawn on scheduled triggered action events. 5.51.5.1:C02 Corrected an issue that caused SD cards to become full and write protected on rare occasions. Corrections in 5.51.5 since 5.50.5 ================================== 5.51.5:C01 Updated R2 GlobalSign Root Certificate to version 20170717. 5.51.5:C02 Corrected an issue that let the camera become unresponsive in rare occasions when connected to an AVHS system. 5.51.5:C03 Corrected critical vulnerability ACV-128401. Known Bugs/Limitations ====================== 5.51.6.1:L01 It is recommended to unmount the SD Card before ejecting it. 5.51.6.1:L02 Recordings made with firmware earlier than 5.20 will not be readable on the SD Card from the 5.50 firmware. Backup important recordings and reformat the SD Card after the firmware upgrade. 5.51.6.1:L03 Upgrading from firmware 5.40 and prior requires an upgrade of the recordings database. This can take up to five minutes and is conducted on first boot. Make sure to not remove power or SD card during the first five minutes after upgrading the device. 5.51.6.1:L04 Remote back focus operation will be disabled when temperature is too low. Information will be shown in the system log. 5.51.6.1:L05 Check and repair is only available if the file system is ext4. 5.51.6.1:L06 Recording streams with a total bit rate above 12Mbit/sec to SD Card may cause missing frames/sequences. 5.51.6.1:L07 When using action rule resulting in short recordings, it is recommended to extend post-event time. 5.51.6.1:L08 With audio enabled, the initial connection latency increases. 5.51.6.1:L09 Sometimes IR cut filter switches between ON/OFF after factory default when illuminance is 7-10 lux. 5.51.6.1:L10 Color parameter has no effect when pulling RTSP stream with color=0. 5.51.6.1:L11 Sensor capture mode should be set during the initial product configuration as it affects the available resolutions. Changing it in real time requires other resolution related configuration changes on the camera and possibly a recording software. For example, if a resolution that is not available for one capture mode is requested, the reply will be "bad request". 5.51.6.1:L12 It may be necessary to disable both "Advanced video rendering" and "Enable overlays" in the Control Panel -> AXIS Media Control in order to get a smoother H.264 video in Live view in 3MP and HDTV highest resolution. 5.51.6.1:L13 Local recording playback fails when using Motion JPEG with resolution 2048x1536 and associated audio. Workaround: Use H.264 instead. 5.51.6.1:L14 If text overlay is more than 460 characters long, no text will be displayed. 5.51.6.1:L15 Private keys need to be in a PKCS#1 format in order to function. 5.51.6.1:L16 A maximum of 100 installed certificates is allowed. 5.51.6.1:L14 If downgrading to previous firmware version, a factory default is recommended after performing the downgrade. Application Developer Information ================================= The AXIS VAPIX Application Programming Interface version 3 is supported by the AXIS P3343/P3344. For more information, please refer to the AXIS VAPIX HTTP API specification version 3, part of the AXIS VAPIX API, available at www.axis.com. Supported AXIS VAPIX API Image Resolutions for AXIS P3343 Resolution Exceptions ========== ========== 800x600 800x500 800x450 640x480 640x400 640x360 480x360 480x300 480x270 320x240 320x200 320x180 240x180 176x144 160x120 160x100 160x90 768x576 1) 720x576 1) 704x576 1) 704x480 1) 704x288 1) 384x288 1) 704x240 1) 352x288 1) 352x240 1) 240x135 1) 192x144 1) 176x120 1) 80x60 1) 1) Not visible in web user interface Supported AXIS VAPIX API Image Resolutions for AXIS P3344 Resolution Exceptions ========== ========== 1280x800 1280x720 1024x768 1024x640 800x600 800x500 800x450 640x480 640x400 640x360 480x360 480x300 480x270 320x240 320x200 320x180 240x180 176x144 160x120 160x100 160x90 1440x900 1) 768x576 1) 720x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 384x288 1) 352x288 1) 352x240 1) 240x135 1) 192x144 1) 176x120 1) 80x50 1) 1) Not visible in web user interface