This page summarizes all known security issues, workarounds and fixes for the beroNet Gateway and Card Firmware.
...
The problem has been identified on 0809.01.2017.
Possible Effects
...
The problem exists in all firmwares 2.X and 3.X. You can simply check if you can download a file with your browser by accessing the Web-URL:
...
Workaround & Precautions
To use this attack method http access to the gateway is required. Since in most use cases the gateway is behind a firewall, the http port should only be accessible by authorized administrators. The Firmware provides an ACL configuration.
NOTE: if the attacker already gained access to the internal files it is required to change the passwords to make sure the attacker can't use the data anymore.
Fixed Version
The Security security hole is fixed starting from the 3.0.14 and the 16 and in all firmwares starting from 16.01 Firmware. The 3.0.14 Firmware is planned to be released by 12.01.2017.05. Please note an update to the 16.X-Beta Versions requires a Factory Reset.
NOTE: please make sure to make a backup of your configuration before upgrading!