...

2N® Access Commander version 3.3.1 Firmware Support & Bugfix (April 2025)

This release adds support for 2NOS FW 2.47 (released in April 2025)

2N® Access Commander version 3.3 introduces better support for devices in remote network segments, support for additional SIP accounts in our intercom products (FW 2.46 required) and enhances security by validating the unique device certificate of our connected devices.

This release includes security fixes and addresses concerns regarding two user reported vulnerabilities that have been published as CVEs. More details can be found on our website - www.2n.com/en-GB/newsroom/latest-cve-disclosures-reinforce-our-commitment-to-cybersecurity/. It is strongly recommended that all users upgrade to version 3.3 to ensure the security of their installation.

New Features & Improvements:

Maintaining connection with remote devices

The current method of device discovery and then using that discovered IP address for connection works well for flat networks where our discovery protocol works unhindered, but when devices are on remote connections (eg, VPN, NAT or multi-segment topology) and the device IP address changes (such as a DHCP lease expiration) then the connection to this device is lost and cannot be reconnected. This release supports an optional mode where devices can report back to Access Commander via HTTP in the event of an address change.

Support for additional SIP accounts

Intercom firmware 2.46 now supports two additional SIP accounts (SIP 3 and 4) and a dedicated account for calling MS Teams extensions. Users in Access Commander can now be assigned phone numbers that call out via these accounts by applying the suffix /3, /4 or prefix 'msteams:' as appropriate. For example, number '3008/3' would call extension 3008 from an intercom's third SIP account or 'msteams:15684999' would call number 15684999 via MS Teams. The status of these additional accounts can be monitored on the devices monitoring page and on the device detail page.

Device certificate fingerprint validation

Three security options are now available for connected devices.

• None - Communication will be encrypted (HTTPS), but certificates will not be validated. This mode is the default.
• Certificate Fingerprint Validation - Checks the certificate fingerprint of the device and verifies its match with approved values. This method provides good security for encrypted communication. Note - devices with mismatched or unrecognised certificate fingerprints will no longer be synchronised.
• Full Certificate Validation (PKI) - Performs a complete certificate check according to PKI rules and requires certificates from trusted authorities. This option provides the highest level of security for encrypted communication. Devices without valid certificates signed by a trusted authority will no longer be synchronised.

Support for RFID card compatibility mode

RFID card compatibility mode allows cards with trailing characters that match, regardless of their overall length, to be treated as identical. Enabling this feature applies compatibility mode across all connected intercoms and access units. Prior to the introduction of this option, cards that 2NOS would recognize as identical were inconsistently handled by Access Commander, resulting in some cards being rejected when assigned to a user.

Corrections:

• Fixed a bug which caused problems when changing the password of a connected device.
• Attendance export now includes timestamp when user doesn't clock out.
• Addressed an issue with LDAP login.
• Card ID is now included in access logs for all card access events.

Additional Notes

• IMPORTANT - In May 2023, we announced the retirement of APIv2 in favour of our more advanced APIv3, with a one-year transition period where both versions were supported. Since version 3.2, APIv2 has been completely removed from Access Commander, and any integrations relying on APIv2 will no longer function. For more information on Access Commander's API, please refer to the documentation in the user manual.

• IMPORTANT - For security reasons, this version of Access Commander is not compatible with 2N Intercoms and 2N Access Units running firmware version 2.37 or older. Access Commander will not manage devices with these firmware versions even if compatibility mode is enabled. Please ensure all devices are running firmware version 2.38 or newer before upgrading.

Required Device Firmware Versions for Full Feature Support

• 2N IP Intercoms: 2.47.x
• 2N Access Unit: 2.47.x

Minimum Supported Firmware Versions (Devices running firmware older than these versions will not sync with Access Commander)

• 2N IP Intercoms: 2.42.x
• 2N Access Unit: 2.42.x
• 2N Indoor Touch 2.0: 4.3.x (Devices running earlier versions will be disabled in Access Commander)
• 2N Indoor Touch 1.0 is not supported in Access Commander

API Changes

• [APIv3 Change Log] https://www.2n.com/-/media/Files/Web/downloads/diffv3_v3_2_v3_3

2N® Access Commander version 3.3 (January 2025)

2N® Access Commander version 3.3 introduces better support for devices in remote network segments, support for additional SIP accounts in our intercom products (FW 2.46 required) and enhances security by validating the unique device certificate of our connected devices.

This release includes security fixes and addresses concerns regarding two user reported vulnerabilities that will be published as CVEs. Security advisory to be published on 2n.com. It is strongly recommended that all users upgrade to version 3.3 to ensure the security of their installation.

New Features & Improvements:

Maintaining connection with remote devices

The current method of device discovery and then using that discovered IP address for connection works well for flat networks where our discovery protocol works unhindered, but when devices are on remote connections (eg, VPN, NAT or multi-segment topology) and the device IP address changes (such as a DHCP lease expiration) then the connection to this device is lost and cannot be reconnected. This release supports an optional mode where devices can report back to Access Commander via HTTP in the event of an address change.

Support for additional SIP accounts

Intercom firmware 2.46 now supports two additional SIP accounts (SIP 3 and 4) and a dedicated account for calling MS Teams extensions. Users in Access Commander can now be assigned phone numbers that call out via these accounts by applying the suffix /3, /4 or prefix ‘msteams:’ as appropriate.
For example, number ‘3008/3’ would call extension 3008 from an intercom’s third SIP account or ‘msteams:15684999’ would call number 15684999 via MS Teams. The status of these additional accounts can be monitored on the devices monitoring page and on the device detail page.

Device certificate fingerprint validation

Three security options are now available for connected devices.

• None - Communication will be encrypted (HTTPS), but certificates will not be validated. This mode is the default.
• Certificate Fingerprint Validation - Checks the certificate fingerprint of the device and verifies its match with approved values. This method provides good security for encrypted communication. Note - devices with mismatched or unrecognised certificate fingerprints will no longer be synchronised.
• Full Certificate Validation (PKI) - Performs a complete certificate check according to PKI rules and requires certificates from trusted authorities. This option provides the highest level of security for encrypted communication. Devices without valid certificates signed by a trusted authority will no longer be synchronised.

Support for RFID card compatibility mode

RFID card compatibility mode allows cards with trailing characters that match, regardless of their overall length, to be treated as identical. Enabling this feature applies compatibility mode across all connected intercoms and access units. Prior to the introduction of this option, cards that 2NOS would recognize as identical were inconsistently handled by Access Commander, resulting in some cards being rejected when assigned to a user.

Additional Notes

• IMPORTANT - In May 2023, we announced the retirement of APIv2 in favour of our more advanced APIv3, with a one-year transition period where both versions were supported. Since version 3.2, APIv2 has been completely removed from Access Commander, and any integrations relying on APIv2 will no longer function. For more information on Access Commander’s API, please refer to the documentation in the user manual.

• IMPORTANT - For security reasons, this version of Access Commander is not compatible with 2N Intercoms and 2N Access Units running firmware version 2.37 or older. Access Commander will not manage devices with these firmware versions even if compatibility mode is enabled. Please ensure all devices are running firmware version 2.38 or newer before upgrading.

Required Device Firmware Versions for Full Feature Support

• 2N IP Intercoms: 2.46.x
• 2N Access Unit: 2.46.x

Minimum Supported Firmware Versions (Devices running firmware older than these versions will not sync with Access Commander)

• 2N IP Intercoms: 2.42.x
• 2N Access Unit: 2.42.x
• 2N Indoor Touch 2.0: 4.3.x (Devices running earlier versions will be disabled in Access Commander)
• 2N Indoor Touch 1.0 is not supported in Access Commander

API Changes

• [APIv3 Change Log] https://www.2n.com/-/media/Files/Web/downloads/diffv3_v3_2_v3_3

...

• Installations using the Basic license can now manually approve ‘incompatible’ device firmware versions.
• Door Managers can now hold doors open directly from the door widget.
• Presence can now be enabled without requiring an attendance license.

Additional Notes

• IMPORTANT - In May 2023, we announced the retirement of APIv2 in favor of the more advanced APIv3, with a one-year transition period where both versions were supported. As of this release, APIv2 has been completely removed from Access Commander, and any integrations relying on APIv2 will no longer function. For more information on Access Commander’s API, please refer to the documentation in the user manual.

• IMPORTANT - For security reasons, this version of Access Commander is not compatible with 2N Intercoms and 2N Access Units running firmware version 2.37 or older. Access Commander will not manage devices with these firmware versions even if compatibility mode is enabled. Please ensure all devices are running firmware version 2.38 or newer before upgrading.

• Integration with the Milestone XProtect plugin is not compatible with 2FA. Do not enable 2FA for the Milestone user login.

Required Device Firmware Versions for Full Feature Support

• 2N IP Intercoms: 2.46.x
• 2N Access Unit: 2.46.x

Minimum Supported Firmware Versions (Devices running firmware older than these versions will not sync with Access Commander)

• 2N IP Intercoms: 2.40.x
• 2N Access Unit: 2.40.x
• 2N Indoor Touch 2.0: 4.3.x (Devices running earlier versions will be disabled in Access Commander)
• 2N Indoor Touch 1.0 is not supported in Access Commander

API Changes

• [APIv3 Change Log] https://www.2n.com/en-US/download/diffv3_v31v323md

...

• User list export - Access Commander now allows exporting User list in a form of CSV file with various attributes (e.g. zones and doors that users can enter or groups to which they belong). It is also possible to export a sync file containing users data, edit it and then synchronize again so that the changes in CSV are propagated back to Access Commander. User list exports are especialy useful when the user data stored in Access Commander is supposed to be used by another system or when external auditor without access to Access Commander needs to check the data and possibly make necessary changes.

• Assigning credentials to users in bulk - It is now possible to assign PIN codes, QR codes and Bluetooth pairing PIN codes to multiple users at once. This significantly reduces the time of new users onboarding. Email template for Bluetooth credentials can newly be edited in the same way as the other email templates so that admins may adapt its content to their company needs and make their users better perceive it. To increase security when a large number of pairing PIN codes is active, the number of PIN code digits has been increased from 6 to 8.

Corrections:

• Device monitoring upgrade issue fixed.

...