. . 

kia ora all,

been awhile, but a recent response from an ISP has left me somewhat dumbfounded. I know modem/router firmware updates are a long running saga but interested in seeing how common this sort of experience is:

An adoptive niece got a new Netcomm NF18 modem after the old one decided five years of 24/7 service was more than long enough and began bricking itself. Good enough I thought, unboxing the new modem, and taking a quick look at a reassuringly modern looking interface shown in an install-guide printed on card. However? 

From offline to online, the aKshUL modem interface was nothing like shown. Dated AF. Sigh. Version = NF18MESH-NC.VocusNZ-R6B023.EN .. cross checking that against the Netcomm site (without the vocusnz bit) shows that the R6B023 version does not show up there anymore, with the latest firmware versions showing as R6B031 from 2021 and, most recently, R6B032 from January 2026, see: https://support.netcommwireless.com/products/NF18MESH

However when I checked with the ISP concerned, I was told that I should not update to the latest firmware, as per email: 

"Thanks for your email regarding your concern that the newly delivered Netcomm NF18 modem is running older firmware compared with what is listed on the Netcomm website, and thank you for checking the version details so thoroughly.

"I understand why this would be concerning, especially when you are thinking about security and parental control features, and want to clarify this for you.

"The firmware currently installed on your Netcomm NF18 modem is not out of date for use on the [REDACTED] network, as it is a customised version that allows the modem to be preconfigured specifically for our services, which helps ensure a stable connection and allows us to support and troubleshoot the modem effectively if any issues arise.

"To answer your questions directly, we do not recommend installing the firmware from the Netcomm website, as doing so will remove the [REDACTED] configuration and the modem will then behave as a third party router, meaning it would need to be manually configured to work on our network and we would no longer be able to provide full support for it.

"As a helpful tip, if parental controls are your main concern, the existing firmware still supports basic control features, and using device level controls on individual devices can also be a practical option without affecting your modem’s configuration."

Basic .. does not even begin to describe it. Question:

Running ancient firmware seems to be accepted enough to be openly shared with customers, yet how is this not a YUGE security risk? Have ISPs got some sort of super-duper mitigation platform that keeps us all safe? 

They did refer to manual configuration but did not respond to a request for more details. I'm not naming the particular brand as yet, more interested in how widespread this sort of practice is in New Zealand, and whether the tech news headlines about security risks from unupdated modems is all fear mongering clickbait? 

thanks heaps ay,

jason

. . .