Our cellular routers run a dedicated operating system (ICR-OS) that implements the core router functionality. This can be further extended by RouterApps and custom user scripts. We continuously maintain the ICR-OS as well as the RouterApps: we fix newly discovered security vulnerabilities or bugs and implement new features.
This page summarizes our software update policy.
The ICR-OS has a version number x.y.z (e.g., 6.2.3). When releasing a new version, we increment the:
The RouterApps follow similar principles. When a RouterApp packages a specific well-known component (such as Docker or Zabbix), it overtakes its version number.
For the ICR-OS we make our best effort:
Whenever possible, we make new features available to all product families. Some products, though, cannot support certain features. For example, models equipped with built-in eMMC memory are required to support Docker.
Each ICR-OS release is accompanied by Release Notes that describe new features, fixes, and other changes implemented in the firmware and identify which products are affected by the change.
As described in our Vulnerability Disclosure Policy, we calculate the severity (CVSS score) of each security vulnerability that affects our products.
For the ICR-OS, we make our best effort to fix each critical vulnerability (of CVSS score 9.0 and higher) within 60 days and each high severity vulnerability (of CVSS score 7.0 and higher) within 90 days after the vulnerability is published in NVD or reported to us.
For the RouterApps no particular remediation deadline is guaranteed.
We provide ICR-OS updates at least during the entire warranty period of each product, including the End-of-Life (EOL) products. The warranty period for each product family is listed in our Service Policy.