Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

TODO: Sicherheitskennzeichen von Lancom 1784VA

LANCOM Systems
Security information Security update
Valid until 16.05.2026IT-SIK-02009Broadband Router
Produktbild

A security update is available for this product.

Known since: 10/09/2024

Information on the fixed vulnerability:

On 05.09.2024, the company SSD Secure Disclosure published information regarding a security vulnerability in LCOS, through which an attacker could trigger a “Heap Overflow” in the webinterface. This leads to an unexpected reboot of the device (DoS attack).

Communication between LCOS devices and the LMC is not affected by this behavior, as the LCOS devices initiate the communication.

LANCOM Systems has already fixed the security vulnerability and will make the error-corrected versions available to download until 13.09.2024 at the latest. LANCOM Systems strongly recommends to update the firmware on your devices.

Current Firmware versions:

LCOS 10.80 SU8
LCOS 10.72 SU10
LCOS 10.50 SU15

Information on the impact and rectification:

LANCOM Systems recommends to prohibit access to the router from the WAN or limit access to VPN connections (Option 1) or at least restrict access to specific networks and/or IP addresses (Option 2).

Until the error-corrected firmware has been uploaded to the router, the web server services should be deactivated for the WAN interface (Option 3). Additionally, the feature IPSec-over-HTTPS should be deactivated. Please note, that in doing so, VPN connections can only be established via IPSec and some Advanced VPN Client connections may not work anymore.

 

Download link of the manufacturer:

https://my.lancom-systems.de/downloads/

Label

Security label for Lancom 1784VA

Label ID: IT-SIK-02009 , Duration: 17.05.2022 - 16.05.2026

IT Security Label

For products bearing the IT Security Label, the manufacturer has undertaken to implement the security requirements of the BSI. Compliance with the requirements is monitored by the BSI on both an ad hoc and random basis. Nevertheless, vulnerabilities can occur in all IT products over time. Keep your digital products up to date by either carrying out security updates immediately or having them carried out automatically.

More about the IT Security Label

Manufacturer declaration LANCOM Systems for Broadband Router

With the manufacturer's declaration, the manufacturer has assured the Federal Office for Information Security of the following points:

The manufacturer has assured that the product complies with the Technical Guideline Broadband Routers and this has been tested.

The manufacturer has assured that the product subject of this application has been tested according to the requirements of the Technical Guideline for Broadband Routers BSI TR-03148 and that it fulfills all mandatory requirements of the aforementioned Technical Guideline at the time of application and maintains them for the terms duration. He further assured that the recommended requirements of the aforementioned Technical Guideline are also fulfilled at the time of application and maintained for the terms duration, unless a contrary declaration of justified deviations was submitted with this application.

The manufacturer undertakes to inform the BSI immediately of any known security vulnerabilities.

For the terms duration, the manufacturer has committed to inform the Federal Office for Information Security unsolicited if the properties of the service declared by the manufacturer change as soon as they become known to it, including (temporary) disruptions to the information security of the product and security vulnerabilities.

The manufacturer commits to fix any vulnerabilities known to it without delay and to inform the BSI accordingly.

For the duration of the release, the manufacturer has further assured that it will immediately eliminate any security vulnerabilities that become known to it with regard to the product and notify the Federal Office for Information Security of the status of the measures taken for this purpose.

Endakkordion

IT Security Properties

Security properties of Broadband Routers

Transparency

The manufacturer assures to provide transparent information regarding the security of the device. More about transparency...

Access authorization

The manufacturer ensures mechanisms (e.g. password, PIN or electronic key) which guarantee that only authorized persons can access the device. More about authorization...

Update

The manufacturer declares to provide security updates for the device immediately when specific security vulnerabilities are known. More about updates...

Encryption

The manufacturer assures that the device's communications, interactions, and some locally stored data (e.g. login credentials) are secured with encryption procedures in accordance with the Technical Guideline. More about encryption...

Data cleanup and data hygiene

The manufacturer states that the device includes mechanisms to erase data effectively so that it cannot be recovered easily, e.g. a reset button. More about data cleanup and data hygiene...

Endakkordion

Product

Information for Lancom 1784VA

Manufacturer

Manufacturer

Lancom Systems GmbH
A Rhode & Schwarz Company

Address

Adenauerstrasse 20 / B2
52146 Würselen
GERMANY

Web
https://www.lancom-systems.de

Similar topics