We've just released a very important security release of the following products:
The primary change in these versions is a fix for a vulnerability that allows unauthenticated users to gain access to the device via HTTP(s).
All previous versions are affected.
It's highly recommended to upgrade to the latest versions as soon as possible. If you have any questions, feel free to open a new thread or send me an email (firstname.lastname@example.org).
For downloads and full release notes on these versions, please see:
EDIT: We have released updated versions of 5.5.x with this security update. You can find these under "Past Firmware" section.
XW.v5.5.10-u2.28005.150723.1358.bin (XW units shipping with 5.5.11 will need to use 5.6.2+. 5.5.11 for XW is not patched)
For legacy airOS 4 devices. DOWNLOAD
NOTE: This vulnerability was reported via our Hacker Bug Bounty program under private disclosure. At this time we have no reason to believe there are any leaks of this information or known exploits.