This page summarizes all known security issues, workarounds and fixes for the beroNet Gateway and Card Firmware.
ISSUE: files can be downloaded with the GUI without a session
The problem has been identified on 09.01.2017.
Users can download all files from the Filesystem, including the SIP configuration, the /etc/shadow file or the configuration database. If the attacker downloads the SIP Configuration he is able to make fraud calls.
How to determine if the Firmware is affected?
The problem exists in all firmwares 2.X and 3.X.
Workaround & Precautions
To use this attack method http access to the gateway is required. Since in most use cases the gateway is behind a firewall, the http port should only be accessible by authorized administrators. The Firmware provides an ACL configuration.
NOTE: if the attacker already gained access to the internal files it is required to change the passwords to make sure the attacker can't use the data anymore.
The security hole is fixed starting from the 3.0.16 and in all firmwares starting from 16.05. Please note an update to the 16.X-Beta Versions requires a Factory Reset.
NOTE: please make sure to make a backup of your configuration before upgrading!