Just a note to users of bintec elmeg business routers: it is recommended to update the firmware of these devices, because a nasty bug has been discovered. When a port forwarding is configured, more ports than expected are accidentally opened.
A data leak in a German doctor's surgery
I became aware of this issue due to a security breach within a German doctor's surgery. A server with sensitive patient data was accessible unprotected via the Internet (I've described the case within my German blog post Datenleck bei Arztpraxis und Schwachstelle bei der Telekom Digitalisierungsbox).
Besides the problem that access to the server shares was not protected by user authorization, security experts found out that the business routers provided by German Telekom under the brand 'Digitalisierungsbox' have a serious flaw. If an administrator configures a port forwarding, the firmware not only opens this port, but also the HTTP ports 80 to 89 and the HTTPS ports 440 to 449. These ports can then be reached from the Internet.
And there has been another big flaw: if somebody closes the accidentally opened ports and reboots the router (after a firmware update), there are cases where the closed ports get reopened. Deutsche Telekom confirmed via a company spokesman that it had been informed about the security hole in port forwarding in May 2019. A firmware update that fixes the problem is now available for this router.
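Because of the two flaws described above (extra ports opened alongside a forwarding, and ports reopening after a reboot), an administrator should verify from outside the network, after the update and again after every reboot, that ports 80 to 89 and 440 to 449 are not reachable unless they were forwarded on purpose. The following checker is an added example and not code from the vendor or from the original post; the WAN address and the list of intentionally forwarded ports are assumed inputs.

```python
import socket
import sys

# Port ranges the post reports as being opened unintentionally alongside any
# configured port forwarding on the affected Digitalisierungsbox / bintec elmeg firmware.
BUG_EXPOSED_PORTS = list(range(80, 90)) + list(range(440, 450))


def ports_to_verify(forwarded_ports):
    """Return the bug-exposed ports that should be CLOSED from the Internet,
    i.e. everything in 80-89 / 440-449 that the administrator did not
    forward on purpose."""
    intended = set(forwarded_ports)
    return sorted(p for p in BUG_EXPOSED_PORTS if p not in intended)


def probe_tcp(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds, i.e. the port is reachable."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def unexpected_open_ports(host, forwarded_ports, probe=probe_tcp):
    """Probe every port that should be closed and return those that answered.
    `probe` is injectable so the logic can be exercised without network access."""
    return [p for p in ports_to_verify(forwarded_ports) if probe(host, p)]


if __name__ == "__main__":
    # Usage: python check_forwarding.py <router WAN address> [<forwarded port> ...]
    # Run it from a host OUTSIDE your own network; repeat after each router reboot,
    # since the post reports closed ports being reopened on restart.
    wan_host = sys.argv[1]
    forwarded = [int(a) for a in sys.argv[2:]]
    leaked = unexpected_open_ports(wan_host, forwarded)
    print("unexpectedly reachable ports:", leaked if leaked else "none")
```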
At first it was believed that only the Telekom business router Digitalisierungsbox Premium, offered to business customers, was affected. Later it was confirmed that the business routers Digitalisierungsbox Standard and Smart are affected as well. I've blogged about that within my article Weitere Telekom Business-Router mit Sicherheits-Bug (27.11.2019). So is that just a German case with a business router offered only to German customers?
Bintec elmeg Business Routers affected
The vendor bintec elmeg is the manufacturer of German Telekom's Digitalisierungsbox business routers. But this vendor also offers its business routers to international customers, as you can read on the company's home page. On bintec elmeg's download site, there are firmware updates (Release 10.2.7 Patch 2) for many business products, dated November 12 and November 25, 2019:
25.11.2019 – Release 10.2.7 Patch 2 available for
- be.IP
- be.IP plus
- be.IP 4isdn
- be.IP plus world
25.11.2019 – New Firmware v3.15.9 available for
- elmeg IP620/630
- elmeg IP640
13.11.2019 – Release 2.2.1.1 available for
- bintec W2022ac
12.11.2019 – Release 10.2.7 Patch 1 available for
- be.IP
- be.IP plus
- be.IP 4isdn
- be.IP plus world
- bintec W Series (incl. W2003ac, W2003ac-ext), WO Series, WI Series
- bintec W2002T-n
- bintec Rxxx2 Series
- bintec RSxx3 Series
- bintec RXL Series
- bintec RT Series
29.10.2019 – Release 10.2.7 available for
- be.IP
- be.IP plus
- be.IP 4isdn
- be.IP plus world
- bintec W Series (incl. W2003ac, W2003ac-ext), WO Series, WI Series
- bintec W2002T-n
- bintec Rxxx2 Series
- bintec RSxx3 Series
- bintec RXL Series
- bintec RT Series
So update the firmware of your bintec elmeg business routers.