Lancom and the BSI report a configuration bug for the LCOS operating system: A vulnerability with the CVSS value of 6.8 can enable the acquisition of administrator rights. An update is available.
The notices on the Lancom website and on the BSI website are not entirely consistent. Both report a vulnerability from LCOS version 10.80 RU1 onwards, but while Lancom sees no danger (“Unauthorized access to the router via the WAN (Internet) is not possible due to this security gap”), the BSI states in its heading: “Vulnerability allows gaining administrator rights”.
Root password is overwritten with an empty value
Apparently a user informed Lancom that when an additional administrative user is created with the Windows setup wizard, the administrator's root password is simply deleted. LCOS is affected by this security vulnerability starting with version 10.80 RU1. Lower LCOS versions and other LANCOM operating systems are not affected. The behavior is fixed in LCOS version 10.80 SU4.
Lancom also states: in Public Spot scenarios with a separate guest network, management access from the guest network to the access points is not possible because VLANs or a WLC tunnel are used, so a threat is excluded there. LANCOM Systems strongly recommends installing the corrected LCOS version 10.80 SU4.
More at Lancom-Systems.de
About LANCOM Systems
LANCOM Systems GmbH is a leading European manufacturer of network and security solutions for business and administration. The portfolio includes hardware (WAN, LAN, WLAN, firewalls), virtual network components and cloud-based software-defined networking (SDN). Software and hardware development as well as production take place mainly in Germany, as does the hosting of the network management. Particular attention is paid to trustworthiness and security. The company has committed itself to ensuring that its products are free from backdoors and holds the “IT Security Made in Germany” quality mark initiated by the Federal Ministry of Economics.