This page summarizes all known security issues, workarounds and fixes for the beroNet Gateway and Card Firmware. 

...

The problem exists in all 2.X and 3.X firmware versions. To check whether a gateway is affected, try to download a file with your browser by accessing this URL:

https://IP-Adresse:Port/app/berogui/misc/fileContent.php?filename=/usr/conf/isgw.conf

Workaround & Precautions

This attack method requires HTTP access to the gateway. Since in most use cases the gateway is behind a firewall, the HTTP port should only be accessible to authorized administrators. The firmware provides an ACL configuration.

NOTE: If an attacker has already gained access to the internal files, the passwords must be changed to make sure the attacker can no longer use the data.
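To decide whether the password change in the note above is needed, web access logs can be searched for requests to the endpoint named in this advisory. The following is an added example, not beroNet code: it assumes logs in Common Log Format (for instance from a reverse proxy in front of the gateway), and the sample lines, the function names and the trusted-client list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (assumed; adapt LOG_RE to your log source).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2017:09:12:01 +0100] "GET /app/berogui/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2017:09:13:44 +0100] "GET /app/berogui/misc/fileContent.php?filename=/usr/conf/isgw.conf HTTP/1.1" 200 2048
198.51.100.7 - - [10/Jan/2017:09:13:50 +0100] "GET /app/berogui/misc/fileContent.php?filename=%2Fusr%2Fconf%2Fisgw.conf HTTP/1.1" 200 2048
203.0.113.5 - - [10/Jan/2017:09:20:02 +0100] "GET /app/berogui/misc/fileContent.php?filename=/usr/conf/isgw.conf HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
ENDPOINT = "/app/berogui/misc/fileContent.php"  # path taken from the advisory


def find_file_reads(log_text, trusted_clients=()):
    """Return one finding per request to ENDPOINT that carries a filename parameter."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line in the assumed format
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        names = parse_qs(url.query).get("filename")  # parse_qs percent-decodes values
        if not names:
            continue
        status = int(m["status"])
        findings.append({
            "client": m["client"],
            "time": m["ts"],
            "filename": names[0],
            "status": status,
            # A 2xx status means the request was answered, so the file was likely disclosed.
            "served": 200 <= status < 300,
            "trusted": m["client"] in trusted_clients,
        })
    return findings


def clients_served(findings):
    """Untrusted clients that received a successful response; rotate passwords if non-empty."""
    return sorted({f["client"] for f in findings if f["served"] and not f["trusted"]})
```

Pass the administrators' workstation addresses as `trusted_clients`; a 403 entry such as the last sample line indicates the request was rejected before any file was returned.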

Fixed Version

The security hole is fixed starting with firmware 3.0.14 and firmware 16.01. Firmware 3.0.14 is planned to be released by 12.01.2017.

...