Written by Jan Otte on Thursday 20 June 2019 in the category Default.
This security advisory is a reaction on the recently discovered network vulnerabilities in Linux kernel (see below on particular names and links).
These vulnerabilities can, under certain circumstances, be used by an attacker against a range of our routers running current firmware (6.1.9) with the potential result of the router rebooting.
We have already prepared a patch which closes the vulnerabilities. The patch will be included in future firmware versions (6.1.10, 6.2.0) when these are released.
Until the new firmware versions are available, you may apply any of the recommended workaround. The easiest ...
Written by Jan Otte on Wednesday 17 October 2018 in the category Default.
This article main topic is about v2 factory settings and default use case, also discussing a few LAN attacks on high-level.
When you get a cellular router from Advantech CZ, the default settings fall into one of the three cases:
As for the first possibility - router pre-configured exactly to your needs: as described in the first article, there are several ways how ...
Written by Jan Otte on Monday 30 July 2018 in the category Default.
A very important topic to cover in this article series is something we call security model of the router.
Before getting to that, let's look at the user model. There are a few user models being used in the operating systems based on Linux. Please note that this definition is something to make our security model more understandable and help with further understanding of the securing process, it is not a formal definition as used in information science.
Written by Jan Otte on Wednesday 6 June 2018 in the category Default.
You are about to read the first article in the series of articles about securing our routers. The series is tailored to our router devices, teaching and showing some general and specific principles and also describing possibilities and use cases. While some of the knowledge here is usable also outside of the router devices, you should keep in mind that we are focusing on our cellular routers running Conel OS 6.x here.
This first article is a basic building block. We are going to describe the device and its basic characteristics and possibilities of accessing the device with an accent on security. Also, some basic use cases are to be touched here and the terminology used for the rest of the series established.
Written by Jan Otte on Tuesday 17 April 2018 in the category Default.
Some time ago there has been questions about impact of IoTroop/Reaper Malware on our devices. A week ago there has been another inquiry. As it seems to be an (unexpected) pattern, this short information announcement is given to public.
Written by Jan Otte on Wednesday 7 March 2018 in the category Default.
It has been some time since we implemented and enabled notifications on the Engineering Portal. The notifications are primarily meant as something extra for our distributors and partners (as it requires an account on EP), but for example the RSS can be used by anybody without an account needed - read on.
The notification system we have is, thanks to the tagging system we use for all products and documents, quite unique however it could take some time getting used to. Also, we are still ...
Written by Jan Otte on Wednesday 21 February 2018 in the category Default.
PCN is a name for a specific type of document. The abbreviation means Product Change Notification. It is a kind of a document we issue when there is important change in one or more products we are manufacturing.
Not every change in a product requires a PCN. The documents are here so that we can communicate changes that may have impact on our partners, distributors and customers. Other changes, like, replacing one end-of-life component with equivalent one, may not be significant enough for creating a ...
Written by Petr Hanuš on Tuesday 13 February 2018 in the category Default.
The Firmware Over-The-Air (FOTA) user module is an additional feature of Advantech routers. This module will assure the correct firmware for cellular module is chosen, downloaded and installed into the router automatically. Only the firmware of the cellular module is updated (not the firmware of the router).
The user module is easy to use – it can be activated with just one checkbox. The router must be connected to the Internet in order to use FOTA updates. The module checks for the new cellular module firmware every 24 hours. It is also possible to check ...
Written by Petr Hanuš on Thursday 8 February 2018 in the category Default.
Since January 2018, we have been using alphanumeric form of product serial numbers. An example of such number could be:
There are some ideas hidden behind the new serial number scheme but this post is about R-SeeNet.
For those unfamiliar with R-SeeNet, it is a legacy Router monitoring tool that is still being supported and maintained.
If you are using this tool, you need to update it via patch linked below to get reasonable level of support for the new serial numbers. Without this patch, the new serial numbers are not being displayed ...
Written by Jan Otte on Thursday 11 January 2018 in the category Default.
Early this year, a few vulnerabilities impacting inside-CPU code were announced.
While there is not a full disclosure available to us at present time, we can tell a few things now.
First, not all of the vulnerabilities are limited to x86 architecture. The ARM architecture is impacted as well.
While keeping this brief and understandable, the nature of announced vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) lies in the problems connected with a few techniques used inside of the CPU.
The known impact is information leak via side effects of speculative execution. "Speculative execution" is nothing extraordinary. ...