ConnectPort X2 - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-20

Products

Digi XBee/RF
Solutions 2.4 GHz Modules Sub-1 GHz Modules Embedded Cellular Modems Gateways Modems/Adapters XCTU

Cellular
Solutions Routers Gateways Embedded Modems

Embedded
Systems System on Modules Single-Board Computers

Console
Servers

Serial
Servers Serial Device Servers Industrial/Hardened Wireless Serial Servers

USB and Serial
Connectivity USB Hubs USB over IP Hubs USB over Serial Hubs Serial Cards

FEATURED: Digi XBee Zigbee XCTU 4G LTE AnywhereUSB Digi TransPort ConnectCore
BROWSE ALL

Digi XBee Ecosystem
Explore and create wireless connectivity

Wireless Design Services
World class design and development

Remote Device Manager
Monitor and maintain deployments

Digi TrustFence
Built in security framework for the IoT

Technical Support Services
Support services to meet any need

Digi Smart Solutions
Temperature and task management
Services

Wireless Design Services Ideation, Definition and Planning
Digi Jolt Workshop Product Architecture
Rapid Proof-of-Concept Project Planning
Development and Test
Product Design Antenna Design Software and Firmware RF and Electrical Circuit Design
Circuit Board Layout Digi Product Integration Design Review Mechanical Design
Certification
Certification Assistance
Failure Analysis and Mitigation
Manufacturing Deployment
Manufacturing Test

Cloud Services Digi Remote Manager Support Services Expert Support Professional Services Compare Support Services Digi Smart Solutions is now SmartSense.co Food Service Retail Healthcare Transportation and Logistics Education

All Services
Solutions

Digi Smart Solutions is now SmartSense.co Food Service Retail Healthcare Transportation and Logistics Education

MORE AT SMARTSENSE.CO
Industries & Customers

Energy C&I Metering Demand Response Digital Oil Field Renewable Energy Smart Grid Tank Monitoring

Industrial Precision Agriculture Manufacturing Automation

Transportation Fleet Heavy Machinery Public Transit Rail

Retail Branch Office Networking Digital Signage and Kiosk Gaming Secure ATM

Smart Cities Intelligent Lighting Rail Bus Security Traffic Management Water & Wastewater

Medical Components for Medical Devices Outpatient Care Devices

Enabling wireless robotics aboard the space station

Digi Drives Digital Experience in Zero-Emissions-Capable Black Cab

Reduce Maintenance and Energy Costs While Keeping Residents Safe

All Stories
Resources

Documentation
Documentation for all Digi products
Forum
Receive answers from the community
Knowledge Base
Articles covering common questions
Resource Library
Read, watch and learn about M2M/IoT
Events
Training, webinars and industry events

Standards and Technologies
Hardware and software innovations
Projects Gallery
Collection of XBee projects
Videos
Library of tours and technical tips
GitHub Repository
Repository for Digi code examples
Security Center
Security news, information and resources

See All
Support

Expert Support
Upgrade for premium services
Professional Services
Development, consulting and training
Compare Support Services
Digi base, expert or professional services
Support Tools
Drivers, documentation and firmware

Download XCTU
View more

Support / Knowledge Base / ConnectPort X2 - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-20

Overview
Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
ConnectPort X2

ConnectPort X2 Firmware Downloads

Product Family	Part Number	Description	New Firmware	Link to upgrade
ConnectPort X2	X2-A11-EM-A	ConnectPort X2B S1 9210 8/16	2.17.1.2	Download
	X2-A11-EM-W	ConnectPort X2 S1 Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-HMA-EM-W	CPX2 DM900HP Ethernet AU3	2.17.1.2	Download
	X2-HMU-EM-A	CPX2 900HP Ethernet	2.17.1.2	Download
	X2-M91-EM-A	ConnectPort X2B DM 900 Pro 9210 8/16	2.17.1.2	Download
	X2-M11-EM-A	ConnectPort X2B DM 24 Pro 9210 8/16	2.17.1.2	Download
	X2-M11-EM-W	ConnectPort X2 DM 2.4 Pro Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-P81-EM-W	ConnectPort X2B 868 Pro 9210 8/16	2.17.1.2	Download
	X2-S11-EM-A	CPX2, XSC 9.6K Eth 9210	2.17.1.2	Download
	X2-T11-EM-A	ConnectPort X2 9XTend	2.17.1.2	Download
	X2-Z11-EM-A	ConnectPort X2 ZB Ethernet 9210 w/Python 8/16	2.17.1.2	Download
	X2-Z11-EM-I097	ConnectPort X2 ZB Eth 9210 Nalco	2.17.1.2	Download
	X2-Z11-EM-W	ConnectPort X2 ZB Ethernet 9210 8/16 Int	2.17.1.2	Download
	X2-Z11-EM-WI097	ConnectPort X2 ZB Eth 9210 Nalco Int	2.17.1.2	Download

Last updated: Aug 08, 2017

ConnectPort X2 - RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Recently Viewed Articles