Lancom LCOS with root password vulnerability
Lancom and the BSI report a configuration bug for the LCOS operating system: A vulnerability with the CVSS value of 6.8 can enable the acquisition of administrator rights. An update is available. The messages on the Lancom website and on the BSI website are not entirely compliant. Both report a vulnerability from LCOS version 10.80 RU1 onwards, but while Lancom sees no danger: “Unauthorized access to the router via the WAN (Internet) is not possible due to this security gap”, the BSI uses the note in its heading: “ Vulnerability allows Erlangen…