RomPager - Evaluation of Security Vulnerability – VU#561444 Expanded info on CVE-2014-9222, CVE-2014-9223

Many Digi products contain and use the RomPager by Allegrosoft web server technology. It has come to our attention that this embedded web server, which is used for management of our devices contains what we have defined as a critical vulnerability. We urge any customer who may have one of these products where the administrative webserver is available on non-secure networks to either upgrade the firmware to a patched version or to disable the web server for management of these devices.

Affected Products
ConnecPort TS8/16,
ConnectPort TS 4x4/4x2, Connect ES, Connect SP, Connect Wi-SP, Connect N2S, AnywhereUSB

Network Product Family. Firmware download is available on their respective product pages on the Digi Support website:

Product Family Part Number Description New Firmware
ConnectPort TS 8/16 50001346-03 ConnectPort TS 8 MEI
  70002329 ConnectPort TS 8 MEI Dom
  70002330 ConnectPort TS 8 MEI Int'l
  50001346-04 ConnectPort TS 8
  70002323 ConnectPort TS 8 Dom
  70002324 ConnectPort TS 8 Int'l
  50001551-01 ConnectPort TS 16
  70002388 ConnectPort TS 16 Dom
  70002389 ConnectPort TS 16 Int'l
  50001551-03 ConnectPort TS 16 MEI
  70002534 ConnectPort TS 16 MEI Dom
  70002535 ConnectPort TS 16 MEI Int
  50001551-04 ConnectPort TS 16 RS 232 48Vin
  70002538 ConnectPort TS 16 48VDC
ConnectPort TS 4x4/4x2 50001662-02 ConnectPort TS 4x4
  50001662-03 ConnectPort TS 4x2
  CPTS-4R4E ConnectPort TS 4x4
  CPTS-4R2E ConnectPort TS 4x2
Connect ES 50001320-17 Connect ES 8,4+1 SB EU
  DC-ES-8SB-SW-EU Connect ES 8,4+1 SB EU
  50001320-18 Connect ES G2 8Ser/1Ether
  DC-ES-8SB-EU Digi Connect ES 8 SB EU
  50001320-19 Connect ES G2 4Ser/5Ether
  DC-ES-4SB-SW-EU Connect ES 4,4+1 SB EU
  50001320-20 Connect ES G2 4Ser/1Ether
  DC-ES-4SB-EU Connect ES 4 SB EU
Connect SP 50001340-19 Connect SP -S MEI noPOE noJTAG Python 2.12.4
  DC-SP-01-S Connect SP -S Domestic 2.12.4
  DC-SP-01-S-W Connect SP -S International 2.12.4
Connect Wi-SP 50001312-18 Connect Wi-SP -S Python
  DC-WSP-01-S Connect Wi-SP Domestic
  DC-WSP-01-S-W Connect Wi-SP International
Connect N2S 50001375-01 Connect N2S-170
  DC-N2S-170-S Connect N2S-170
AnywhereUSB 50001681-01 AnywhereUSB/14 v1.92.2004
  AW-USB-14 AnywhereUSB/14 v1.92.2004
  AW-USB-14-W AnywhereUSB/14, Intl v1.92.2004
  50001686-03 Assy,AnywhereUSB TS44 v1.92.2005
  AW-TS-44 AnywhereUSB TS v1.92.2005
  50001689-01 Assy,Anywhere USB/2 v1.92.2001
  AW-USB-2 AnywhereUSB/2 v1.92.2001
  AW-USB-2-W AnywhereUSB/2, Intl v1.92.2001
  50001698-01 AnywhereUSB/5 v1.92.2001
  AW-USB-5 AnywhereUSB/5 Gen2 v1.92.2001
  AW-USB-5-W AnywhereUSB/5 Intl Gen2 v1.92.2001
  50001698-04 AnywhereUSB/5 MHC v1.92.2003
  AW-USB-5M AnywhereUSB/5 MHC v1.92.2003
  AW-USB-5M-W AnywhereUSB/5 MHC Intl v1.92.2003
Last updated: Aug 08, 2017

Filed Under


Recently Viewed

No recently viewed articles

Did you find this article helpful?