Lancom Systems - 1790VA-4G+
IT Security Label
Product Information Page
For products bearing the IT Security Label, the manufacturer has undertaken to implement the security requirements of the BSI. Compliance with the requirements is monitored by the BSI on both an ad hoc and random basis. Nevertheless, vulnerabilities can occur in all IT products over time. Keep your digital products up to date by either carrying out security updates immediately or having them carried out automatically.
Security Information
A security update is available for this product. Please update the product yourself or make sure that this is done using the automatic update mechanism.
Known since: 09/07/2024
Information on the fixed vulnerability:
Vulnerability in the RADIUS protocol (VU#456537)
When using RADIUS/UDP, an attacker can use a man-in-the-middle attack to convert an "Access-Reject" from the RADIUS server into an "Access-Accept" for the requesting device.
This results in the requesting device gaining access to the network. In general, the vulnerability must be rectified on the RADIUS server. For devices that act as RADIUS clients, enforcement of the Message-Authenticator attribute can optionally be activated.
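What requiring a Message-Authenticator means on the RADIUS client side, as an added example that is not LANCOM or BSI code: the response is accepted only if it carries the attribute and its HMAC-MD5 value verifies, computed as specified in RFC 3579. The function names, the helper that builds a sample response, and any secret passed to it are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869 / RFC 3579)


def find_message_authenticator(packet: bytes):
    """Return the offset of the 16-byte Message-Authenticator value, or None."""
    pos = 20  # attributes follow code, identifier, length and authenticator
    while pos < len(packet):
        attr_len = packet[pos + 1] if pos + 1 < len(packet) else 0
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        if packet[pos] == MSG_AUTH:
            if attr_len != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += attr_len
    return None


def response_is_authentic(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Accept a response only if it carries a valid Message-Authenticator."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    try:
        off = find_message_authenticator(response)
    except ValueError:
        return False
    if off is None:
        return False  # "require" mode: a missing attribute counts as a failure
    # HMAC-MD5 over the packet with the Request Authenticator in the header
    # and the Message-Authenticator value replaced by 16 zero octets.
    data = response[:4] + request_auth + response[20:off] + bytes(16) + response[off + 16:]
    expected = hmac.new(secret, data, hashlib.md5).digest()
    return hmac.compare_digest(expected, response[off:off + 16])


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes, with_ma=True) -> bytes:
    """Build a sample server response (constructed test data, not captured traffic)."""
    attrs = bytes([MSG_AUTH, 18]) + bytes(16) if with_ma else b""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
    if with_ma:
        attrs = attrs[:2] + mac
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs
```

A response whose code byte was altered in transit, or one that arrives without the attribute, fails this check and is dropped by the client.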
Information on the impact and rectification:
The vulnerability has been fixed in the following firmware versions (RADIUS server) or can be mitigated using the ‘Require Message-Authenticator’ function (RADIUS client):
LCOS (RADIUS server and client):
10.50 RU14
10.72 RU8
10.80 RU6
Download link of the manufacturer:
https://my.lancom-systems.de/downloads/
Duration and Manufacturer's Declaration
Duration of this IT Security Label: 17.05.2022 - 16.05.2026.
With the manufacturer's declaration, the manufacturer commits, for the duration of the term,
- to comply with the required device characteristics,
- to inform the BSI about security vulnerabilities and
- to provide security updates.
Security relevant device properties for routers
Transparency
The manufacturer undertakes to provide transparent information regarding the security of the device.
Access authorization
The manufacturer ensures that mechanisms (e.g. password, PIN or electronic key) are in place which guarantee that only authorized persons can access the device.
Update
The manufacturer declares that it will provide security updates for the device immediately when specific security vulnerabilities are known.
Encryption
The manufacturer assures that the device's communications, interactions, and some locally stored data (e.g. login credentials) are secured with encryption procedures in accordance with the Technical Guideline.
Data cleanup and data hygiene
The manufacturer states that the device includes mechanisms to erase data effectively so that it cannot be recovered easily, e.g. a reset button.