RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-

RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
ConnecPort TS8/16, ConnectPort TS 4x4/4x2, Connect ES, Connect SP, Connect Wi-SP, Connect N2S, AnywhereUSB

Network Product Family. Firmware download is available on their respective product pages on the Digi Support website: https://hub.digi.com/support/products

Product Family	Part Number	Description	New Firmware
ConnectPort TS 8/16	50001346-03	ConnectPort TS 8 MEI	2.19.1.2
	70002329	ConnectPort TS 8 MEI Dom	2.19.1.2
	70002330	ConnectPort TS 8 MEI Int'l	2.19.1.2
	50001346-04	ConnectPort TS 8	2.19.1.2
	70002323	ConnectPort TS 8 Dom	2.19.1.2
	70002324	ConnectPort TS 8 Int'l	2.19.1.2
	50001551-01	ConnectPort TS 16	2.19.1.2
	70002388	ConnectPort TS 16 Dom	2.19.1.2
	70002389	ConnectPort TS 16 Int'l	2.19.1.2
	50001551-03	ConnectPort TS 16 MEI	2.19.1.2
	70002534	ConnectPort TS 16 MEI Dom	2.19.1.2
	70002535	ConnectPort TS 16 MEI Int	2.19.1.2
	50001551-04	ConnectPort TS 16 RS 232 48Vin	2.19.1.2
	70002538	ConnectPort TS 16 48VDC	2.19.1.2
ConnectPort TS 4x4/4x2	50001662-02	ConnectPort TS 4x4	2.8.10.1
	50001662-03	ConnectPort TS 4x2	2.8.10.1
	CPTS-4R4E	ConnectPort TS 4x4	2.8.10.1
	CPTS-4R2E	ConnectPort TS 4x2	2.8.10.1
Connect ES	50001320-17	Connect ES 8,4+1 SB EU	2.15.0.13
	DC-ES-8SB-SW-EU	Connect ES 8,4+1 SB EU	2.15.0.13
	50001320-18	Connect ES G2 8Ser/1Ether	2.15.0.13
	DC-ES-8SB-EU	Digi Connect ES 8 SB EU	2.15.0.13
	50001320-19	Connect ES G2 4Ser/5Ether	2.15.0.13
	DC-ES-4SB-SW-EU	Connect ES 4,4+1 SB EU	2.15.0.13
	50001320-20	Connect ES G2 4Ser/1Ether	2.15.0.13
	DC-ES-4SB-EU	Connect ES 4 SB EU	2.15.0.13
Connect SP	50001340-19	Connect SP -S MEI noPOE noJTAG Python	2.12.4
	DC-SP-01-S	Connect SP -S Domestic	2.12.4
	DC-SP-01-S-W	Connect SP -S International	2.12.4
Connect Wi-SP	50001312-18	Connect Wi-SP -S Python	2.17.6.4
	DC-WSP-01-S	Connect Wi-SP Domestic	2.17.6.4
	DC-WSP-01-S-W	Connect Wi-SP International	2.17.6.4
Connect N2S	50001375-01	Connect N2S-170	2.17.6.4
	DC-N2S-170-S	Connect N2S-170	2.17.6.4
AnywhereUSB	50001681-01	AnywhereUSB/14	v1.92.2004
	AW-USB-14	AnywhereUSB/14	v1.92.2004
	AW-USB-14-W	AnywhereUSB/14, Intl	v1.92.2004
	50001686-03	Assy,AnywhereUSB TS44	v1.92.2005
	AW-TS-44	AnywhereUSB TS	v1.92.2005
	50001689-01	Assy,Anywhere USB/2	v1.92.2001
	AW-USB-2	AnywhereUSB/2	v1.92.2001
	AW-USB-2-W	AnywhereUSB/2, Intl	v1.92.2001
	50001698-01	AnywhereUSB/5	v1.92.2001
	AW-USB-5	AnywhereUSB/5 Gen2	v1.92.2001
	AW-USB-5-W	AnywhereUSB/5 Intl Gen2	v1.92.2001
	50001698-04	AnywhereUSB/5 MHC	v1.92.2003
	AW-USB-5M	AnywhereUSB/5 MHC	v1.92.2003
	AW-USB-5M-W	AnywhereUSB/5 MHC Intl	v1.92.2003

Last updated: Aug 08, 2017

Filed Under

Network

RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Filed Under

Recently Viewed

Did you find this article helpful?

By Industry

By Application

Managed Services

DAL OS

Digi SureLink

Digi TrustFence

Digi ConnectCore Voice Control

Featured Technologies

Embedded Systems

Cellular and Networking

Professional Services

Resource Library

Support Resources

About Digi

Partners

RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Filed Under

Recently Viewed

Did you find this article helpful?