1. Network

Limit data usage with low data mode

You can set the different internet connection methods to use low data mode and save data consumption. This setting is most suitable when you are connected via the cellular method and have limited data plans or are in an area with slower internet speeds. Learn how to enable low data mode.

(When low data mode is turned on, reconnecting to the internet may take slightly longer after disconnection.)

Adjust sensitivity settings for a better experience

We've added new sensitivity settings you can adjust based on your network's condition. By default, “Sensitivity” is set to “Medium” for all connection methods. If your network is stable, you can set “Sensitivity” to “High” to enjoy an optimal experience in streaming, gaming, and more. You'll quickly switch to the backup network if your current network disconnects.

If your network is unstable, set “Sensitivity” to “Low” to prevent your network from switching constantly.

2. Parental Control

Protect the family with Bark's parental controls

Note: Bark's parental controls are now available on Flint 2 (MT-6000) running SDK 4.5,

Bark's parental controls (an award-winning child-monitoring tool) let you filter out certain websites and content categories, enable safe search on your child's search engine, and manage their screen time effortlessly.

Note that an active Bark subscription is required. Alternatively, use the existing parental controls at no additional cost.

3. VPN

Enable site-to-site OpenVPN using TAP

You can set up a site-to-site OpenVPN connection using TAP. In this way, devices connected to the OpenVPN client can remotely access devices connected to the OpenVPN server, and vice versa. This will, however, revoke the rules you set for the OpenVPN client. Learn how to enable TAP-S2S mode.

Secure WireGuard client-to-client traffic

When WireGuard's client-to-client traffic is enabled, your devices (or clients) can access one another remotely. Also, the traffic flowing between these devices is faster, more secure, and more stable, compared with port forwarding. With WireGuard's client-to-client traffic enabled, you can set up a WireGuard site-to-site VPN. Refer to this article for instructions.

Added compatibility with more VPN providers

Our OpenVPN setting now supports inputting askpass besides username and password, allowing compatibility with more VPN service providers.

Optimized WireGuard settings

The WireGuard setup now supports deleting your configuration files while saving your service credentials, i.e., username and password. In this way, you don't have to re-enter them each time you set up WireGuard with the same VPN service provider.

4. Other enhancements

Critical Security Updates

This firmware release fixed a vulnerability tracked as CVE-2023-46456 with a CVSS Score of 9.8. It was possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. CVE-2023-46454 with a CVSS Score of 9.8 was also fixed. It was possible to inject arbitrary shell commands through a crafted package name.

Additionally, this release patched a vulnerability tracked as CVE-2023-46455 with a CVSS Score of 7.5, which could create the possibility of writing arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.

We also fixed CVE-2023-50919 which allowed an NGINX authentication bypass via Lua string pattern matching, and fixed CVE-2023-50920 which potentially allowed the sharing of session identifiers between different sessions and bypassing authentication or accessing control measures.

New security settings for local and remote controls

We added a new “Security” tab under “System” to include security configurations for both local and remote controls:

• The local control feature can prevent scanning and intrusion attempts on the default port.
• After enabling remote access, specific locations can be set to allow access, such as enabling remote access to home devices only from the office, sacrificing convenience for improved security.

Client isolation

You can isolate your network's client devices into a separate network area to prevent them from communicating with other devices on the same network.

Support for IPoE

This settings entry is only required if the provider's PPPoE server requires the interface to use a tagged specific VLAN ID.

Full Cone NAT & SIP ALG

You can enable full Cone NAT to reduce game latency. Note that enabling this option may make your traffic less secure.

In some cases, SIP ALG can be enabled to mitigate the effects of multiple NATs. Note that this setting when enabled may affect VoIP calls and cause certain issues, e.g., one-way audio (only one party can hear the other), phones not ringing during a call, phones dropping while connected, and calls going directly to voicemail.

Optimized LAN settings

We now support options to enable or disable DHCP and configure common DHCP parameters.

Option to enable auto-update

You can now turn on auto-update (named “Preview version”) to get the latest updates, fixes, and enhancements as soon as they’re available. You always have the option to turn off the setting again.