This page summarizes all known security issues, workarounds and fixes for the beroNet Gateway and Card Firmware.
The problem has been identified on 08.01.2017.
Users can download all files from the Filesystem, including the SIP configuration, the /etc/shadow file or the configuration database. If the attacker downloads the SIP Configuration he is able to make fraud calls.
The problem exists in all firmwares 2.X and 3.X. You can simply check if you can download a file with your browser by accessing the Web-URL:
https://IP-Adresse:Port/app/berogui/misc/fileContent.php?filename=/usr/conf/isgw.conf
To use this attack method http access to the gateway is required. Since in most use cases the gateway is behind a firewall, the http port should only be accessible by authorized administrators. The Firmware provides an ACL configuration.
NOTE: if the attacker already gained access to the internal files it is required to change the passwords to make sure the attacker can't use the data anymore.
The security hole is fixed starting from the 3.0.14 and in all firmwares starting from 16.01. The 3.0.14 Firmware is planned to be released latest by 13.01.2017. An update to the 16.X-Beta Versions requires a Factory Reset.