CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate
Security changes
DGW-15442 - CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate
An important security flaw was found in the OpenSSL library affecting DGW version 48.4 and below. If exploited successfully, this vulnerability could cause the unit to reboot unexpectedly.
The CVE-2022-0778 has been addressed by upgrading the OpenSSL library to version 1.1.1n.
DGW-15338 - OWASP: Disable access to internal UART
Follow OWASP IoT Verification Requirement C.1:Verify that application layer debugging interfaces such USB, UART, and other serial variants are disabled or protected by a complex password.
DGW-15007 - User passwords are now securely hashed
User passwords are no longer saved in clear text, but instead saved in a cryptographically secure way, using the PBKDF2-HMAC-SHA256 hash algorithm.
Previously, when exporting a backup or configuration script, the passwords could be read in clear-text. Now, only the hashed passwords are visible.
A user cannot retrieve a forgotten password anymore, since it is impossible to reverse a hashed password into a clear-text password. In case all passwords are forgotten, a partial reset or factory reset can be done to restore to the factory initial passwords.
DGW-14973 - SIP: Support additional DHE ciphers
The SipEp service now supports the following DHE ciphers when using SIP over TLS:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Copyright Notice
Copyright 2022 Media5 Corporation.
This document contains information that is proprietary to Media5 Corporation.
Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.
This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.
Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.