Available DGW Firmware Versions

Latest DGW Version

Previous DGW Version

Skip to end of metadata
Go to start of metadata

Security Improvement Notes

DGW Application 48.5.2718


Summary

ID Synopsis
DGW-14973 SIP: Support additional DHE ciphers
DGW-15007 User passwords are now securely hashed
DGW-15338 OWASP: Disable access to internal UART
DGW-15442 CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate


Security changes

DGW-15442 - CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate

An important security flaw was found in the OpenSSL library affecting DGW version 48.4 and below. If exploited successfully, this vulnerability could cause the unit to reboot unexpectedly.

The CVE-2022-0778 has been addressed by upgrading the OpenSSL library to version 1.1.1n.

DGW-15338 - OWASP: Disable access to internal UART

Follow OWASP IoT Verification Requirement C.1:Verify that application layer debugging interfaces such USB, UART, and other serial variants are disabled or protected by a complex password.

DGW-15007 - User passwords are now securely hashed

User passwords are no longer saved in clear text, but instead saved in a cryptographically secure way, using the PBKDF2-HMAC-SHA256 hash algorithm.

Previously, when exporting a backup or configuration script, the passwords could be read in clear-text. Now, only the hashed passwords are visible.

A user cannot retrieve a forgotten password anymore, since it is impossible to reverse a hashed password into a clear-text password. In case all passwords are forgotten, a partial reset or factory reset can be done to restore to the factory initial passwords.

DGW-14973 - SIP: Support additional DHE ciphers

The SipEp service now supports the following DHE ciphers when using SIP over TLS:

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384


Copyright Notice

Copyright 2022 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.

www.media5corp.com