RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
ConnecPort TS8/16,
ConnectPort TS 4x4/4x2, Connect ES, Connect SP, Connect Wi-SP, Connect N2S, AnywhereUSB

Network Product Family. Firmware download is available on their respective product pages on the Digi Support website: https://hub.digi.com/support/products

 
Product Family Part Number Description New Firmware
ConnectPort TS 8/16 50001346-03 ConnectPort TS 8 MEI 2.19.1.2
  70002329 ConnectPort TS 8 MEI Dom 2.19.1.2
  70002330 ConnectPort TS 8 MEI Int'l 2.19.1.2
  50001346-04 ConnectPort TS 8 2.19.1.2
  70002323 ConnectPort TS 8 Dom 2.19.1.2
  70002324 ConnectPort TS 8 Int'l 2.19.1.2
  50001551-01 ConnectPort TS 16 2.19.1.2
  70002388 ConnectPort TS 16 Dom 2.19.1.2
  70002389 ConnectPort TS 16 Int'l 2.19.1.2
  50001551-03 ConnectPort TS 16 MEI 2.19.1.2
  70002534 ConnectPort TS 16 MEI Dom 2.19.1.2
  70002535 ConnectPort TS 16 MEI Int 2.19.1.2
  50001551-04 ConnectPort TS 16 RS 232 48Vin 2.19.1.2
  70002538 ConnectPort TS 16 48VDC 2.19.1.2
ConnectPort TS 4x4/4x2 50001662-02 ConnectPort TS 4x4 2.8.10.1
  50001662-03 ConnectPort TS 4x2 2.8.10.1
  CPTS-4R4E ConnectPort TS 4x4 2.8.10.1
  CPTS-4R2E ConnectPort TS 4x2 2.8.10.1
Connect ES 50001320-17 Connect ES 8,4+1 SB EU 2.15.0.13
  DC-ES-8SB-SW-EU Connect ES 8,4+1 SB EU 2.15.0.13
  50001320-18 Connect ES G2 8Ser/1Ether 2.15.0.13
  DC-ES-8SB-EU Digi Connect ES 8 SB EU 2.15.0.13
  50001320-19 Connect ES G2 4Ser/5Ether 2.15.0.13
  DC-ES-4SB-SW-EU Connect ES 4,4+1 SB EU 2.15.0.13
  50001320-20 Connect ES G2 4Ser/1Ether 2.15.0.13
  DC-ES-4SB-EU Connect ES 4 SB EU 2.15.0.13
Connect SP 50001340-19 Connect SP -S MEI noPOE noJTAG Python 2.12.4
  DC-SP-01-S Connect SP -S Domestic 2.12.4
  DC-SP-01-S-W Connect SP -S International 2.12.4
Connect Wi-SP 50001312-18 Connect Wi-SP -S Python 2.17.6.4
  DC-WSP-01-S Connect Wi-SP Domestic 2.17.6.4
  DC-WSP-01-S-W Connect Wi-SP International 2.17.6.4
Connect N2S 50001375-01 Connect N2S-170 2.17.6.4
  DC-N2S-170-S Connect N2S-170 2.17.6.4
AnywhereUSB 50001681-01 AnywhereUSB/14 v1.92.2004
  AW-USB-14 AnywhereUSB/14 v1.92.2004
  AW-USB-14-W AnywhereUSB/14, Intl v1.92.2004
  50001686-03 Assy,AnywhereUSB TS44 v1.92.2005
  AW-TS-44 AnywhereUSB TS v1.92.2005
  50001689-01 Assy,Anywhere USB/2 v1.92.2001
  AW-USB-2 AnywhereUSB/2 v1.92.2001
  AW-USB-2-W AnywhereUSB/2, Intl v1.92.2001
  50001698-01 AnywhereUSB/5 v1.92.2001
  AW-USB-5 AnywhereUSB/5 Gen2 v1.92.2001
  AW-USB-5-W AnywhereUSB/5 Intl Gen2 v1.92.2001
  50001698-04 AnywhereUSB/5 MHC v1.92.2003
  AW-USB-5M AnywhereUSB/5 MHC v1.92.2003
  AW-USB-5M-W AnywhereUSB/5 MHC Intl v1.92.2003
Last updated: Jan 01, 2024

Filed Under

Network

Recently Viewed

No recently viewed articles

Did you find this article helpful?