Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.
Affected Products
Connect WAN 3G, Connect WAN 3G IA, Connect WAN 4G
To obtain Connect WAN 3G/4G Family Firmware Downloads, please contact Digi Technical Support. https://www.digi.com/support
| Product Family |
Part Number |
Description |
New Firmware |
| Connect WAN 3G |
DC-WAN-B101-A |
Connect WAN 1XRTT Sprint |
2.17.6.4 |
| |
DC-WAN-B205 |
Connect WAN IA X1RTT VZW |
2.17.6.4 |
| |
DC-WAN-E300-W |
Connect WAN 3G Cell Ready W |
2.17.6.4 |
| |
DC-WAN-T302-A |
Connect WAN 3G AT&T w/Ant |
2.17.6.4 |
| |
DC-WAN-T311-A |
Connect WAN 3G Verizon |
2.17.6.4 |
| |
DC-WAN-U301-A |
Connect WAN 3G HSPA w/ Ant |
2.17.6.4 |
| |
DC-WAN-U801 |
Connect WAN 3G G3K no Access |
2.17.6.4 |
| |
DC-WAN-U801-A |
Connect WAN 3G G3K US |
2.17.6.4 |
| |
DC-WAN-U801-W |
Connect WAN 3G G3K Int |
2.17.6.4 |
| |
DC-WAN-U901-A |
Connect WAN 3G HSPA+ US |
2.17.6.4 |
| |
DC-WAN-U901-W |
Connect WAN 3G HSPA+ Int |
2.17.6.4 |
| Connect WAN 3G IA |
DC-WAN-P501 |
Connect WAN 3G IA HSPA |
2.17.6.4 |
| |
DC-WAN-U805 |
Connect WAN 3G IA G3K |
2.17.6.4 |
| |
DC-WAN-U905 |
Connect WAN 3G IA HSPA+ |
2.17.6.4 |
| Connect WAN 4G |
DC-WAN-Y301-A |
Connect WAN 4G |
2.17.6.4 |
Last updated:
Mar 29, 2019