Security: Update your bintec elmeg Business Routers!

[German]Just a note to users of bintec elmeg business routers. It’s recommended, to update the firmware of these devices, because a nasty bug has been discovered. During port forwarding accidentally more ports as expected are being opened.


Advertising

A data leak in German doctor’s surgery

I became aware of this issue due to a security breach within a German doctor’s surgery. A Server with sensitive patient data has been accessible unprotected via the internet (I’ve described the case within my German blog post Datenleck bei Arztpraxis und Schwachstelle bei der Telekom Digitalisierungsbox).

Beside the problem, that access to server shares has not been protected by user authorization, security experts found out, that the business routers provided by German Telekom under the brand ‘Digitalisierungsbox’ has a serious flaw. If an administrator configure a port forwarding, the firmware not only opens this port, but also the HTTP ports 80 to 89 and the HTTPS ports 440 to 449. These ports can then be reached via the Internet.

And there has been another big flaw: If somebody closes the accidentally opened ports and reboots the router (after a firmware update), there are cases, where the closed ports are getting reopened. Deutsche Telekom confirmed via a company spokesman that it had been informed about the security hole in port forwarding since May 2019. A firmware update that fixes the problem is now available for this router.

First it has been known, that it only affected Telekom business router Digitalisierungsbox Premium, offered to business customers. Later it was confirmed, that also business routers Digitalisierungsbox Standard and Smart are affected. I’ve blogged about that within my article Weitere Telekom Business-Router mit Sicherheits-Bug (27.11.2019). Ok, that’s a German case with a business router offered only to German customers?

Bintec elmeg Business Routers affected

The vendor bintec elmeg is the manufacturer of German Telekom Digitalisierungsbox business routers. But this vendor also offers it’s business routers to international customers, as you can read on the company’s home page. On bintec elmeg’s download site, there are firmware updates Release 10.2.7 Patch 2 to many business products, dated November 12 and  November 25, 2019:


Advertising

25.11.2019 – Release 10.2.7 Patch 2 available for

25.11.2019 – New Firmware v3.15.9 available for

13.11.2019 – Release 2.2.1.1 available for

12.11.2019 – Release 10.2.7 Patch 1 available for

29.10.2019 – Release 10.2.7 available for

So update the firmware of your bintec elmed Business Routers.


Advertising


This entry was posted in devices, Security, Update and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *