You are viewing an article about an obsolete product. Information on this page is provided as-is and not supported.

Connect WAN 3G/4G Family - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.


Affected Products
Connect WAN 3G, Connect WAN 3G IA, Connect WAN 4G

To obtain Connect WAN 3G/4G Family Firmware Downloads, please contact Digi Technical Support. https://www.digi.com/support 

 

Product Family Part Number Description New Firmware
Connect WAN 3G DC-WAN-B101-A Connect WAN 1XRTT Sprint 2.17.6.4
  DC-WAN-B205 Connect WAN IA X1RTT VZW 2.17.6.4
  DC-WAN-E300-W Connect WAN 3G Cell Ready W 2.17.6.4
  DC-WAN-T302-A Connect WAN 3G AT&T w/Ant 2.17.6.4
  DC-WAN-T311-A Connect WAN 3G Verizon 2.17.6.4
  DC-WAN-U301-A Connect WAN 3G HSPA w/ Ant 2.17.6.4
  DC-WAN-U801 Connect WAN 3G G3K no Access 2.17.6.4
  DC-WAN-U801-A Connect WAN 3G G3K US 2.17.6.4
  DC-WAN-U801-W Connect WAN 3G G3K Int 2.17.6.4
  DC-WAN-U901-A Connect WAN 3G HSPA+ US 2.17.6.4
  DC-WAN-U901-W Connect WAN 3G HSPA+ Int 2.17.6.4
Connect WAN 3G IA DC-WAN-P501 Connect WAN 3G IA HSPA 2.17.6.4
  DC-WAN-U805 Connect WAN 3G IA G3K 2.17.6.4
  DC-WAN-U905 Connect WAN 3G IA HSPA+ 2.17.6.4
Connect WAN 4G DC-WAN-Y301-A Connect WAN 4G 2.17.6.4
Last updated: Jan 03, 2024

Recently Viewed

No recently viewed articles

Did you find this article helpful?