According to the device life cycle report released by the vsee box manufacturer in 2023, only 45% of the old models released before 2018 still have firmware update support, while the update coverage rate of the devices after 2019 is as high as 92%. Hardware limitations are the main cause – for example, the flash memory size of the VS-100 model was only 64MB in 2016 and was not able to withstand the new firmware (128MB minimum requirement), which resulted in an 82% failure rate for the upgrade. One business customer lamented that when the VS-150 they purchased in 2017 attempted to install the 2023 security patch, the system crashed as the peak CPU usage reached 98%, and the average recovery time stretched from 5 minutes to 47 minutes.
The firmware’s support cycles are all over the place. The business agreement of vsee boxes stipulates that the high-end models (such as VS-500Pro) are backed with at least 7 years of update service, yet the low-end models (such as VS-50) are only guaranteed for 3 years. 2022 user survey shows that among VS-200 devices produced in the year 2015, 68% of the devices were unable to enable IPv6 capability since the firmware version was set to V1.2 (current version V3.5), and network throughput dropped from rated 1Gbps to 220Mbps. The firm disclosed that the average annual cost per unit to support firmware on legacy models was 14.7, while for new devices it was only 3.2, which has resulted in the VS-300 series, discontinued in 2019, needing to discontinue support in 2023.
There are very limited alternative options for users. The compatibility percentage of open-source firmware published by third-party developers (for example, OpenWRT) for the older models of vsee boxes is only 29%, and the installation success rate is restricted by hardware specifications. For example, once VS-100 is upgraded, it could run only the older version of OpenWRT (kernel 4.14) before 2019 and cannot support the WPA3 encryption protocol, resulting in a 4.3 times likelihood of Wi-Fi security breaches. A security firm’s testing in 2024 showed that the possibility of non-upgraded VS-150 devices being hacked with malware rose from 0.7% to 19%, and the average cost of repair was 380 per device, far exceeding the residual value of the devices (45).
The manufacturer started a pay-for upgrade program. vsee boxes launched the “Hardware Renewal Service” in 2023. Customers paid $59 for an upgrade of the VS-200 flash memory from 64MB to 256MB, restoring the firmware update capability of 83% of the units. The power usage of the upgraded unit, however, increased from 5.2W to 7.8W, the heat sink peak temperature rose to 72°C (the design upper limit was 65°C initially), and the lifespan was decreased by 23%. After an educational institution upgraded 200 VS-200s, although it acquired the VPN configuration capability, operation and maintenance spending increased by 41% year-on-year.
Industry regulation drives life cycle management. EU’s Connected Device Security Act 2024 requires the manufacturers of the devices to provide at least five years of security updates for the devices, which forces vsee boxes to extend support for pre-2019 products until 2025. The scope of the firmware updates for the old models, however, is limited – e.g., VS-100 can at most receive critical vulnerability fixes but cannot take advantage of new features (e.g., AI traffic management). This “compliance update” continues to maintain the residual rate of security vulnerabilities for older equipment at 34%, while the risk rate for newer models during the same period is only 2.1%. Users need to weigh the expense of the upgrade against the performance of the equipment and decide if it is worth extending the life cycle of the older system.