Video Systems

Zhang Jiang, SH, China

All in one IPC Firmware

Release Notes

This document contains proprietary information of Honeywell International Inc. Information

contained herein is to be used solely for the purpose submitted, and no part of this
document or its contents shall be reproduced, published or disclosed to a third party
without the express permission of Honeywell International Inc.
All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

Modification History
Date
Version No. Changes made Author Reviewers
<mm/dd/yy>
V1.000.HW01.1.
08/23/2017 First release William Leo
20170823
V1.000.HW01.1.
09/07/2017 Fix bug William
20170907
V1.000.HW01.1.
10/12/2017 Fix bug William
20171012
V1.000.HW01.1.
10/18/2017 Fix bug William
20171018
V1.000.HW01.1.
03/06/2018 Fix bug William
20180306
V1.000.HW01.3.
08/20/2019 Fix bug Shi Yi
20190820
V1.000.HW01.3.
03/26/2020 Fix bug Shi Yi Cora
20200326

Honeywell Confidential & Proprietary Page 2 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

Contents
1. Firmware Release Document 4
Release Notes................................................................................................................. 4
Firmware Version Information ......................................................................................... 4
What’s New and Fixed Issue List..................................................................................... 4
Un-implemented Features or Functions........................................................................... 8
Test Report ..................................................................................................................... 8

Honeywell Confidential & Proprietary Page 3 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

1. Firmware Release Document

Release Notes
Product Name: All In One IPC
Product Model: HED2PER3、H4W4PER3、HEW4PER3、H4W4PER2、HBD2PER1、
HBW4PER1、HBW4PER2
Release Date: 03/26/2020

Firmware Version Information

Version File name Check Sum(MD5)

500-02845V3-
A_HON_Honeywell_Perf2H2018&AIO
File name 1472E30DB96B2BDC7D
-
<NTSC> 4608AC72DB4A39
IPC_Eng_NTSC_V1.000.HW01.3.2020
Software V1.000.HW01. 0326
Version 3.20200326 500-02845V3-
A_HON_Honeywell_Perf2H2018&AIO
File name 2A24E6CE7D187EAEC0
-
<PAL> DCDBD16EC7F10F
IPC_Eng_PAL_V1.000.HW01.3.202003
26

What’s New and Fixed Issue List

Date: 2020-03-26
Version: V1.000.HW01.3.20200326

No. Modification information type

1. This release contains important cybersecurity updates. Honeywell Fix bug

recommends that all users install this update as soon as practicable.

Date: 2019-08-20
Version: V1.000.HW01.3.20190820

No. Modification information type

1. Fix IPC reboot issue when connect with NVR Fix bug

2 Fix issue Security Notification SN 2019-09-02 02 Fix bug

3 Fix issue PSIRT429 Fix bug

Honeywell Confidential & Proprietary Page 4 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

Date: 2018-03-06
Version: 1.000.HW01.1.20180306

No. Modification information type

1. Modify the easy4ip to P2P Fix

2 Repair https port modify restart led to the issue of third-party certificate was Fix
deleted

3 Repair generate a certificate read the private key file handle is not closed in Fix
time

4 Fix CVE-2017-1000253& CVE-2015-3332 Fix

5 Update zlib to 1.2.11 Fix

6 Update wpa_supplicant version 2.5 and fix cs issue Fix

7 Update openssl to 1.0.2k Fix

8 Fix port 49152 and 5000 Fix

9 Fix XSS (Cross-Site scripting) possible on the Web Client Fix

10 Fix Expired SSL certificate used for HTTPS communication to the Device Fix

11 Fix CLONE - Bypassing client side validation Fix

Date: 2017-10-18
Version: 1.000.HW01.1.20171018

No. Modification information type

1 Manual restart prompt is incorrect Fix issue

Date: 2017-10-12
Version: 1.000.HW01.1.20171012

No. Modification information type

1 HED2PER3 image yellowish problem optimization, adjust image configuration, Fix issue
Saturation adjustment to 40

2 4M IPC, the default value of the main stream is set to 1080P new feature

3 All-in-one IPC IP address, the current program is the default value of DHCP, new feature
please change the default value to 192.168.1.108.

4 Update the onvif library for the 17.06 version new feature

Date: 2017-09-07
Version: 1.000.HW01.1.20170907

No. Modification information type

Honeywell Confidential & Proprietary Page 5 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

1 linux kernel repair Fix issue

2 Repair the certificate interface implementation of delete prompt when the Fix issue
wrong question

3 Update opensource library, including openssl_version = 1.0.2k sqlite_version = Fix issue

3.17.0 zlib_version = 1.2.11, because the IPC is not used to remove libpng
related content

4 H264 and H265 bit rate optimization Fix issue

Date: 2017-08-23
Version: 1.000.HW01.1.20170823

No. Modification information type

1 Support Honeywell GPC dedicated web interface: the use of Honeywell existing new feature
IPC interface customization, Honeywell LOGO color number # DE0031; model
name and version number is not displayed in the landing interface;

2 Support Honeywell dedicated DDNS; new feature

3 With Honeywell custom phone and tablet APP (HonView Touch) and HDCS use; new feature

4 Delete 666666 && 888888 users, only admin users; new feature

5 admin user's default password is modified to "1234"; new feature

6 Close port 23, disable Telnet function; new feature

7 Use Honeywell-specific Active X; new feature

8 The default time zone is changed to GTM + 0; new feature

9 Turn off automatic maintenance; new feature

10 Equipment model modified to Honeywell model; new feature

11 Delete the PSIA protocol; new feature

12 Need to support IE11, Firefox 46.0.1 and above; new feature

13 TLS1.2 only new feature

14 update with new honeywell self-signed certificate new feature

15 Certificate key with 2048 bits new feature

16 Don’t use RC4, MD5, SHA1 and AES-CBC， new feature

17 Return the X-Frame-Options or Content-Security-Policy (with the 'frame- new feature

ancestors' directive) HTTP header with the page's response

18 Set password auto-complete attribute to off new feature

19 Enable the camera to drop all the half open TCP connections after a workable new feature
timeout duration.

20 Sessionid is complicated new feature

21 Implement anti-CSRF token to protect against CSRF attacks. new feature

22 Forbid supporting backdoor tool fix

Honeywell Confidential & Proprietary Page 6 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

23 Obscure password from serial port new feature

24 Use the dynamic certificate, the certificate ip with the device ip changes new feature

25 Disable second generation express entry new feature

26 https is enabled by default, remove the https checkbox new feature

27 First login to force a change of password new feature

28 Modify user name or password error blur new feature

29 Remove anonymous users new feature

30 Increase the username check, use the encryption method to obtain user new feature
information

31 Prevent XSS attacks fix

32 Fix the XSS problem that still exists when modifying the user fix

33 Special character verification rules keep pace with web new feature

34 Onvif library integration, fix some of the problems found in venus new feature

35 Implement http only new feature

36 Update snmp to version 5.7.3 new feature

37 Software encryption signature function new feature

38 Repair hardcore in the firmware and password information fix

39 Update busybox to version 1.26.2 new feature

40 Update sqlite to version 3.17.0 new feature

41 Repair H265 mode code rate is too high problem fix

42 Repair bonjour search device without _HON character problem fix

43 Repair pppoE can not dial the normal issue fix

44 Fixed an issue that could not be accessed after the success of the upnp map fix
(due to inherent architecture issues, currently only internal and external ports
are consistent)

45 After installing the root certificate, some browsers can not be trusted to login fix

46 Fix the https port can not modify the success problem fix

47 Repair the serial port to print some of the encrypted password fix

48 Remove T or R characters in firmware (including software version display, and new feature
bin file naming)

49 Repair DHCC-2017-01 issue Fix

50 Update openssl to 1.0.2k new feature

51 Update mDNS Responder to version 756.50.9 new feature

52 Remove libpng library new feature

53 Fix glibc vulnerability (fix bugs only, no updates) fix

Honeywell Confidential & Proprietary Page 7 of 8

All in one IPC Version No: V1.000.HW01.3.20200326
Release Notes Date: 03/26/2020

54 For CVE-2017-5972 and CVE-2015-1350 two loopholes, modify the kernel fix
configuration, to alleviate a small amount of DDOS attacks, flood attacks can
not resist

55 Fix CVE-2015-1350 kernel vulnerability Fix

56 Repair the export configuration for plain text problems Fix

57 When adding a user, https exposes the base-64 format encoding password new feature
issue

58 The private key in the firmware implements encrypted storage new feature

59 Fix the signature process to complete the crash even after the crash problem Fux

60 Increase the certificate deletion function new feature

61 Rename the software according to HW request new feature

62 Zlib updated to 1.2.11 new feature

Un-implemented Features or Functions

Test Report
Please attach the test report.

Honeywell Confidential & Proprietary Page 8 of 8