You are viewing an article about an obsolete product. Information on this page is provided as-is and not supported.

Connect WAN 3G/4G Family - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
Connect WAN 3G, Connect WAN 3G IA, Connect WAN 4G

To obtain Connect WAN 3G/4G Family Firmware Downloads, please contact Digi Technical Support. 


Product Family Part Number Description New Firmware
Connect WAN 3G DC-WAN-B101-A Connect WAN 1XRTT Sprint
  DC-WAN-B205 Connect WAN IA X1RTT VZW
  DC-WAN-E300-W Connect WAN 3G Cell Ready W
  DC-WAN-T302-A Connect WAN 3G AT&T w/Ant
  DC-WAN-T311-A Connect WAN 3G Verizon
  DC-WAN-U301-A Connect WAN 3G HSPA w/ Ant
  DC-WAN-U801 Connect WAN 3G G3K no Access
  DC-WAN-U801-A Connect WAN 3G G3K US
  DC-WAN-U801-W Connect WAN 3G G3K Int
  DC-WAN-U901-A Connect WAN 3G HSPA+ US
  DC-WAN-U901-W Connect WAN 3G HSPA+ Int
Connect WAN 3G IA DC-WAN-P501 Connect WAN 3G IA HSPA
  DC-WAN-U805 Connect WAN 3G IA G3K
  DC-WAN-U905 Connect WAN 3G IA HSPA+
Connect WAN 4G DC-WAN-Y301-A Connect WAN 4G
Last updated: Mar 29, 2019

Recently Viewed

No recently viewed articles

Did you find this article helpful?