Security Notification
Overview
The Lighthouse 20.Q4.0 release is no longer available due to a security vulnerability that has been identified. Users should either roll back to 20.Q3 or take the preventive actions outlined below.
Details of the Security Issue
If remote syslog is enabled, the vulnerability results in plain-text username and password details being written to the remote syslog server. Opengear does not host or log any customer information, so any vulnerability is limited to the user's own internal systems.
This issue only occurs in the current release, Lighthouse 20.Q4, and only impacts users who have enabled remote syslog functionality.
Remediation Steps
We have removed the 20.Q4 release from our public FTP site and replaced it with 20.Q4.1 which addresses this issue. We recommend that you update as soon as possible.
If you have not updated and are still using 20.Q4.0, we suggest that you disable remote syslogging. Logs will not be written to remote syslog servers, and the username and password will not be written to any log location.
Additionally, we recommend that any users who have logged into 20.Q4 reset their passwords.
For more information
Please reach out to Opengear Support: https://opengear.com/support/contact-tech-support