-defunct-

Just now, ekohn00 said:

and customer tools never get compromised in order to gain control of a network.......  (sarcasm in case you can't tell)

 

???

I would understand the sarcasm if it made sense.

No customer tools, software, or services were impacted.

The only issues were internal tools unrelated to anything to do with customers.

3 minutes ago, ekohn00 said:

so not in the application, but is in the backend services?

I understand what you're trying to say, but might need a bit of a tweak.

 

 

 

Internal, backend services would be employee tools, nothing that concerns customers and customer services.

It wasn't me, but it was my boss and PMs.

I'm in all the chats about the vuln though. It's been a wild scramble talking with all the teams to review everything we include in our products and services.

For my personal use and scanning my home network, I use OpenVAS community edition. It's free, but the VM needs cycled every once in a while since the OS does not update with the free version.

For work, we use Acunetix and Nessus, both have the ability to scan for the vulnerability just like OpenVAS. The only places we identified the vulnerability were in Composer and some back-end servers not exposed to the public. All of that is currently being worked on or has been fixed.

Nope.

Scanned my network with all Control4 products and ended up finding my Buffalo NAS is, lol

Yes. Migration wizard with Composer Pro (needs a dealer).

Ya, I'll admit that part isn't great.

I'll see what I can do in that regard because that would be beneficial for advanced homeowners.

That is correct. The tool used to audit programming via Composer is only in the Pro version.

Also note: Your dealer should have had you accept the privacy policy and EULA for the account. If they did not, that is a violation of Control4 policies and risks them being terminated.

You should have a login for customer.control4.com and your dealer should have their own login for my.control4.com.

You do not need to give any password to any dealer for them to be able to do their job.

If they need mobile app access to your system to modify the UI, then I suggest creating a secondary user in customer.control4.com for them where you can enable and disable access when you desire.

I believe you are using the OS2 app. If that is the case, then the IP would be of your primary Control4 controller.

That should be easy to find in your router dhcp list or with a network scanning tool like fing.

I would highly advise getting your driver updated and then making sure it is autoupdated.

Unfortunately, autoupdate half-worked in OS2, so you may have to update to OS3 before your system will continually get all driver updates with the autoupdate feature.

From my Android mobile:

-Click url link

-login with web browser,

-allow login

-close tab when web page says to

-go back to Control4 App

-click Home in the view to move off of settings

-click settings, logout button loads and account is noted as logged in.

Talked with a few on the dev team. It is possible to log in, but the flow for the UI isn't intuitive. The dev got where you guys are and then clicked in a few non-intuitive places to finish the login process.

There is a bug written up that will be looked at.

Hopefully the driver is enabled to be autoupdated in your projects, so they will update when a fixed version is released. If your projects do not have driver autoupdates enabled, then you will need a dealer to update the driver with Composer Pro.

Hmm, good point. I agree with you there.

I heard a tech asking if IPv6 is enabled on the router at the sites having issues authenticating and if disabling it resolves it.

Would be good to know if it did, but maybe something for you all to try.

A and B. The legacy method does not use the same method as the app, but the most recent OS3 versions utilize the same method as the mobile app (4sight).

Customers can shut off access to Control4 and their dealer through customer.control4.com or through their mobile app (service link in site settings).

C. If remote access is enabled, Control4 trusts the dealer will conduct business according to their dealer agreement. If that conduct is not according to the dealer agreement, they subject themselves to possible termination. Their actions are also recorded if they need reviewed.

Dealers are allowed to make their own continuing service terms. If that means they require managing the network, then it is their choice.

Not all dealers require that.

There is no downside to rebooting, but it really shouldn't be necessary.

If a C4 developed driver is failing over time, then it should have a replacement or update.

Glad to hear it!

Only thing I can think of is something with the hdmi switch isn't working with the cable box. That could range from hardware failure to just an HDMI EDID issue.

Ya, that is strange. If other streaming services that come from the Control4 controller work, then something must be wrong internally.

If you're not on 3.2.3, I would recommend being updated as a first step to attempt resolving.

Although, easy way to verify that is to play something from a different streaming service. If say like TuneIn worked and Amazon Music did not, that would be odd.

Have your dealer check the audio out volume on your Control4 controller. It may be at 0.

Since it looks to be 100% functional, I would look at your connections from the Control4 controller to your AVR or Amplifier.

Do you know the audio pathway from Control4 to your speakers?