
Re: unauthenticated access to devshell debugging URL

alarmologist
Aspirant

unauthenticated access to devshell debugging URL

Hi,

I have a question about the issue that allowed unauthenticated access to devshell in the web interface. It was fixed back in 2017.
Do the devshell URLs allow commands to be run on the switches, or does it just leak information?

I have XS712T, M7100-24X and M4100 switches that are affected. It appears to be the only security issue that affects some of my switches, and I do not want to upgrade my firmware for anything except major security flaws.

For XS712T it was fixed in 6.1.0.36

For M7100-24X it was fixed in 11.0.0.31

For M4100 it was fixed in 10.0.2.26

Thanks

Model: M4100-50G-POE+ (GSM7248P)|ProSafe 50 ports gigabits fully managed L2 switch with PoE+
msi
Luminary

Re: unauthenticated access to devshell debugging URL

Since I'm not from Netgear I can't help you with the details about the fixed security issue you were asking about. However, I've had the M4100 in production and have since then handed them to local non-profits, where some are still in use today.

Even though the M4100s had pretty stable firmware over time (retired the last in mid 2019), there have been numerous bugfix releases since 2017 with quite some stability improvements (like randomly losing its config; luckily it never occurred to me) and also security-wise (disabling ciphers deemed outdated by modern standards etc.).

All mentioned switches are not that recent, so most of their known issues have been ironed out by now. The latest firmware for the M4100 and M7100 dates from October 2019; the latest for your XS712T is even from April 2017. That's definitely not bleeding edge anymore.

I'd upgrade them to their latest firmware at this point if I were you. IMHO it's not worth the hassle to hold onto an old version which is missing the stability fixes for these models.

I'm more prudent on things like the M4300, which get more developer attention, and update the firmware after letting it seed (test-deploy) to less important locations. The latest M4300 firmware is from the end of April 2020.

If issues pop up (be it in the testbed or e.g. if things pop up in the forums), I can skip this release and roll back. Otherwise this firmware gets installed to main locations during the next planned maintenance. This way I can keep the changes small and identify if regressions have sneaked in between releases instead of making a big leap of faith during updates.
