Lancom Systems - 1790VA-4G+

IT Security Label

Product Information Page

For products bearing the IT Security Label, the manufacturer has undertaken to implement the security requirements of the BSI. Compliance with the requirements is monitored by the BSI on both an ad hoc and random basis. Nevertheless, vulnerabilities can occur in all IT products over time. Keep your digital products up to date by either carrying out security updates immediately or having them carried out automatically.

Security Information

A security update is available for this product. Please update the product yourself or make sure that this is done using the automatic update mechanism.

Known since: 09/07/2024

Information on the fixed vulnerability:

Vulnerability in the RADIUS protocol (VU#456537)

When using RADIUS/UDP, an attacker can use a man-in-the-middle attack to convert an "Access-Reject" from the RADIUS server into an "Access-Accept" for the requesting device.

This results in the requesting device gaining access to the network. In general, the vulnerability must be fixed on the RADIUS server. For devices that act as RADIUS clients, enforcement of the 'Message-Authenticator' attribute can optionally be activated.

Information on the impact and rectification:

The vulnerability has been fixed in the following firmware versions (RADIUS server) or can be mitigated using the ‘Require Message-Authenticator’ function (RADIUS client):

LCOS (RADIUS server and client):
10.50 RU14
10.72 RU8
10.80 RU6

Download link of the manufacturer:

https://my.lancom-systems.de/downloads/

Duration and Manufacturer's Declaration

Duration of this IT Security Label: 17.05.2022 - 16.05.2026.

With the manufacturer's declaration the manufacturer commits during the term

Security relevant device properties for routers

Transparency

The manufacturer undertakes to provide transparent information regarding the security of the device.

Access authorization

The manufacturer provides mechanisms (e.g. password, PIN or electronic key) which guarantee that only authorized persons can access the device.

Update

The manufacturer declares that it will provide security updates for the device immediately when specific security vulnerabilities are known.

Encryption

The manufacturer assures that the device's communications, interactions, and some locally stored data (e.g. login credentials) are secured with encryption procedures in accordance with the Technical Guideline.

Data cleanup and data hygiene

The manufacturer states that the device includes mechanisms to erase data effectively so that it cannot be recovered easily, e.g. a reset button.