A more recent notification, including patched firmware, has been released. Please see: https://opengear.zendesk.com/entries/56635965-CVE-2014-6271-CVE-2014-7169-aka-Shellshock-and-Aftershock-Patched-firmware-update-available
A vulnerability has been discovered in the bash command shell that allows remote command execution. An unauthenticated remote user can craft a request to the Opengear's embedded web service to run arbitrary shell commands.
To mitigate this, we recommend disabling access to the Opengear's HTTP and HTTPS Web Management service from any networks where remote access by untrusted parties may be possible.
In the Opengear web UI, click System -> Services -> Service Access. In the HTTP and HTTPS Web Management rows, uncheck the boxes of any interfaces that are not connected to a 100% trusted network.
Please ensure you have some method of remote access still enabled and tested (e.g. SSH), then click Apply.
Alternatively, to allow access only to explicitly trusted source networks, follow the steps in this Knowledge Base article: https://opengear.zendesk.com/entries/56164405-How-do-I-restrict-service-access-to-connections-from-a-trusted-source-network-only-
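One way to confirm the change took effect, as an added example that is not Opengear's own tooling: run it from a host on the untrusted network and check that Web Management is no longer reachable while SSH still is. The ports (80, 443, 22) are assumed defaults, and the function names are hypothetical.

```python
import socket
import sys

# Assumed default ports: service -> (port, should it be reachable from here?)
EXPECTED = {"http": (80, False), "https": (443, False), "ssh": (22, True)}


def port_open(host, port, timeout=3.0):
    """True if a TCP connection completes; refused or timed out counts as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def verify_mitigation(host, expected=EXPECTED, timeout=3.0):
    """Return one (service, port, reachable, ok) tuple per expected service."""
    results = []
    for name, (port, should_be_open) in expected.items():
        reachable = port_open(host, port, timeout)
        results.append((name, port, reachable, reachable == should_be_open))
    return results


def mitigation_ok(results):
    """True only if every service is in the expected state."""
    return all(ok for _, _, _, ok in results)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_access.py <opengear-address>")
    results = verify_mitigation(sys.argv[1])
    for name, port, reachable, ok in results:
        state = "reachable" if reachable else "not reachable"
        print(f"{name:5} tcp/{port:<5} {state:14} {'OK' if ok else 'UNEXPECTED'}")
    sys.exit(0 if mitigation_ok(results) else 1)
```

A TCP check only shows what is reachable from the host it runs on, so repeat it from each untrusted network segment that can route to the device.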