Lancom Systems - 1793VA-4G+
IT Security Label
Product Information Page
For products bearing the IT Security Label, the manufacturer has undertaken to implement the security requirements of the BSI. Compliance with the requirements is monitored by the BSI on both an ad hoc and random basis. Nevertheless, vulnerabilities can occur in all IT products over time. Keep your digital products up to date by either carrying out security updates immediately or having them carried out automatically.
More about the IT Security Label
Security Information
A security update is available for this product. Please update the product yourself or make sure that this is done using the automatic update mechanism.
Known since: 12/04/2023
Information on the fixed vulnerability:
After writing a full configuration (e.g. an *.lcf file) with a further administrator with supervisor rights, the password of the administrator “root” could be reset – and therefore be deleted.
Information on the impact and rectification:
LCOS is affected as of version 10.80 RU1 by this security flaw. Lower LCOS versions as well as other LANCOM operating systems are not affected. The behavior has been fixed in the LCOS version 10.80 SU4.
Unauthorized access to the router from the WAN (Internet) is not possible through this security vulnerability.
In Public Spot scenarios with a separate guest network with VLAN or a WLC-Tunnel management access from the guest network to the access points is not possible and therefore the risk is eliminated.
Download link of the manufacturer:
https://www.lancom-systems.com/service-support/general-security-information
Duration and Manufacturer's Declaration
Duration of this IT Security Label: 17.05.2022 - 16.05.2024.
With the manufacturer's declaration the manufacturer commits during the term
- to comply with the required device characteristics,
- to inform the BSI about security vulnerabilities and
- to provide security updates.
Security relevant device properties for routers
Transparency
The manufacturer assures to provide transparent information regarding the security of the device. More about transparency...
Access authorization
The manufacturer ensures mechanisms (e.g. password, PIN or electronic key) which guarantee that only authorized persons can access the device. More about authorization...
Update
The manufacturer declares to provide security updates for the device immediately when specific security vulnerabilities are known. More about updates...
Encryption
The manufacturer assures that the device's communications, interactions, and some locally stored data (e.g. login credentials) are secured with encryption procedures in accordance with the Technical Guideline. More about encryption...
Data cleanup and data hygiene
The manufacturer states that the device includes mechanisms to erase data effectively so that it cannot be recovered easily, e.g. a reset button. More about data cleanup and data hygiene...
