Security information

Recommended protective measures for your R&S Networks and Cybersecurity products.

Contact for security issues

Would you like to contact us about security vulnerabilities – general or device-related? 
Please use the following e-mail address, encrypted if possible: security.rs-nc@rohde-schwarz.com (OpenPGP).


Support tips

Our support tips provide recommendations on configuring and managing your R&S Networks and Cybersecurity networks and information on support topics.
Read support tips

Logic vulnerability "__ptrace_may_access()" (CVE-2026-46333)

On 15.05.2026, the Qualys security researchers published information about a logic vulnerability in the Linux function "__ptrace_may_access()", which allows an unprivileged user to read sensitive files (e.g. the SSH key) and also execute arbitrary commands as root (CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path).

After thorough examination, we can report the following regarding our products:

  • LCOS and LCOS SX 3.xx are not affected by the vulnerability since no Linux is used.
  • LCOS SX 4.x, LCOS SX 5.x and LCOS LX use Linux. However, it is not possible to exploit the vulnerability since no user defined code can be executed. The vulnerability in the kernel will be fixed in an upcoming release update.
  • The R&S®LANCOM Management Cloud (R&S®LMC) is not affected. The underlying R&S®LMC infrastructure will be updated in a timely manner.
  • LCOS FX is affected when the Docker function is used. However, we do not consider this issue critical because LCOS FX uses docker VMs without root users ("rootless mode"). This ensures that no containers with elevated permissions can be run on the underlying system. In general, only Docker VMs from trustworthy sources should be used. An update to eliminate the vulnerability will be included in the upcoming LCOS FX release.

Security vulnerability "Pack2TheRoot" in Linux (CVE-2026-41651)

On 22.04.2026, security researchers from Deutsche Telekom's Red Team published information regarding the "Pack2TheRoot" security vulnerability in Linux, which allows an unauthorized attacker to remove or add system packages by means of the PackageKit service and thus gain root rights (Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability).

R&S Networks and Cybersecurity hardware and software products are not affected by the security vulnerability.


Security vulnerability "Fragnesia" in Linux (CVE-2026-46300)

On 13.05.2026, the security researcher William Bowling published information about the "Fragnesia" security vulnerability in Linux, which, similar to the "DirtyFrag" security vulnerability, can be used to obtain root rights by manipulating the page cache of the service xfrm-ESP (Fragnesia).

After thorough examination, we can report the following regarding our products:

  • LCOS and LCOS SX 3.xx are not affected by the vulnerability since no Linux is used.
  • LCOS SX 4.x, LCOS SX 5.x and LCOS LX use Linux. However, it is not possible to exploit the vulnerability since no user defined code can be executed. The vulnerability in the kernel will be fixed in an upcoming release update.
  • The R&S®LANCOM Management Cloud (R&S®LMC) is not affected. The underlying R&S®LMC infrastructure will be updated in a timely manner.
  • LCOS FX is affected when the Docker function is used. However, we do not consider this issue critical because LCOS FX uses Docker VMs without root users ("rootless mode"). This ensures that no containers with elevated permissions can be run on the underlying system. In general, only Docker VMs from trustworthy sources should be used. An update to eliminate the vulnerability will be included in the upcoming LCOS FX release.

Security vulnerability "Dirty Frag" in Linux (CVE-2026-43284, CVE-2026-43500)

On 07.05.2026, the security researcher Hyunwoo Kim published information about the "Dirty Frag" security vulnerability in Linux, which can be used to obtain root rights by manipulating the page cache of the xfrm-ESP and RxRPC services (Dirty Frag: Universal Linux LPE).

After thorough examination, we can report the following regarding our products:

  • LCOS and LCOS SX 3.xx are not affected by the vulnerability since no Linux is used.
  • LCOS SX 4.x, LCOS SX 5.x and LCOS LX use Linux. However, it is not possible to exploit the vulnerability since no user defined code can be executed. The vulnerability in the kernel will be fixed in an upcoming release update.
  • The R&S®LANCOM Management Cloud (R&S®LMC) is not affected. The underlying R&S®LMC infrastructure will be updated in a timely manner.
  • LCOS FX is affected when the Docker function is used. However, we do not consider this issue critical because LCOS FX uses Docker VMs without root users ("rootless mode"). This ensures that no containers with elevated permissions can be run on the underlying system. In general, only Docker VMs from trustworthy sources should be used. An update to eliminate the vulnerability will be included in the upcoming LCOS FX release.

Informations about the Linux vulnerability "Copy Fail"

The Linux security vulnerability "Copy Fail" (CVE-2026-31431) has been reported in the media. This vulnerability can be exploited by attackers who already have access to a system in order to gain root rights.

After a thorough examination, we can report the following in relation to our products:

  • LCOS and LCOS SX 3.xx are not affected by the vulnerability since no Linux kernel is used.
  • With LCOS SX 4.x, LCOS SX 5.x and LCOS LX, the vulnerability cannot be exploited because no user-specific code can be executed. The vulnerability in the kernel will be fixed in one of the upcoming releases.
  • The R&S®LANCOM Management Cloud (R&S®LMC) is not affected. The underlying R&S®LMC infrastructure will be updated with security fixes.
  • LCOS FX is affected when the Docker function is used. However, we do not consider this problem critical because LCOS FX uses a rootless container isolation that ensures that no containers with elevated permissions can be run on the underlying system. However, make sure that only trusted code is running inside the container. An update to eliminate the vulnerability will be included in the upcoming LCOS FX release update.

Security vulnerability "CrackArmor" in the Linux tool AppArmor

Security researchers from Qualys have found a group of security vulnerabilities in the Linux tool AppArmor, through which arbitrary AppArmor profiles could be loaded, replaced or reloaded, which enabled unprivileged attackers to gain root access by means of Local Privilege Escalations (CrackArmor: Multiple vulnerabilities in AppArmor).

R&S®LANCOM Unified Firewalls with LCOS FX use AppArmor and are therefore affected by the security vulnerability. Rohde & Schwarz Networks and Cybersecurity considers the security vulnerability less critical because there is no known way to initially obtain the simple permissions.

The security vulnerability has been fixed in LCOS FX 11.2 RU1 and 11.1 RU9. LCOS FX 11.2 RU1 can already be downloaded via the License portal or via the online updater. LCOS FX 11.1 RU9 will be available shortly. Rohde & Schwarz Networks and Cybersecurity recommends performing an update to one of these versions

All other R&S Networks and Cybersecurity hardware and software products are not affected by the security vulnerability.


Local Privilege Escalation Vulnerability in the LANCOM Trusted Access Client (NCPVE-2025-1015)

Our OEM partner NCP has fixed a security vulnerability in the LANCOM Trusted Access Client, through which compromised dynamic program libraries (*.dll) could be loaded and executed with system privileges by means of a modified OpenSSL configuration file (NCPVE-2025-1015).

The security vulnerability has been fixed in the LANCOM Trusted Access Client version 6.25 (Windows) and 1.01 (macOS). Rohde & Schwarz Networks and Cybersecurity strongly recommends updating to these versions (download area).


Information regarding the "AirSnitch" attack scenario in the Wi-Fi client isolation

Security researchers from the University of California and KU Leuven have developed an attack scenario using a known vulnerability in WLAN client isolation that can bypass the client isolation and intercept data traffic from other WLAN clients by using Machine-in-the-Middle (MitM) attacks (paper AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks).

Rohde & Schwarz Networks and Cybersecurity sees no new vulnerability in this attack scenario. The bypass of the client isolation itself can only be used in WLAN networks where the client isolation is used (e.g. in guest networks). The underlying attack mechanisms can also be used in WLAN networks without client isolation, but the attacker must already be in the WLAN. To improve security, it is generally advisable to separate the WLAN networks via VLAN (or WLC tunnel if necessary). In addition, communication between the networks should be prevented on the gateway using firewall rules or interface tags.

R&S®LANCOM access points and WLAN routers with LCOS and access points with LCOS LX provide client isolation functions. The configuration of these devices can be modified in such a way that the attack scenario cannot be exploited. The corresponding configuration items are described in the following Knowledge Base articles:

Best practice recommendations for isolating WLAN client traffic for access points and WLAN routers with LCOS

Best practice recommendations for isolating WLAN client traffic for access points with LCOS LX


Security vulnerability in the webinterface of the Unified Firewalls

Rohde & Schwarz Networks and Cybersecurity has found a security vulnerability, which allows logged in administrators with permission to create backups to execute code.

Rohde & Schwarz Networks and Cybersecurity considers the vulnerability as not very critical, as it can only be exploited by administrators with comprehensive permissions, which should only be assigned to trustworthy employees. 

The security vulnerability has been fixed in LCOS FX 11.1 SU8 and LCOS FX 11.2 Rel. Both are available for download via the online updater and the license portal. Rohde & Schwarz Networks and Cybersecurity recommends performing an update to one of the error-corrected versions

All other R&S Networks and Cybersecurity hard- and software products are not affected by the security vulnerability.


Security vulnerability in the packet filter of Unified Firewalls

Thanks to customer feedback, we have found a security vulnerability in the packet filter, through which undesired data traffic was allowed, when using a Host/Network group or a VPN group in specific configurations (CVE-2025-67832). Additional information as well as a workaround can be found in this Knowledge Base article.

The security vulnerability affects LCOS FX up to and including version 11.1 RU6. The behavior has been fixed in LCOS FX 11.1 RU7 and in LCOS FX 11.2 Rel. Rohde & Schwarz Networks and Cybersecurity strongly recommends updating to one of the error-corrected versions.

Due to the security vulnerability, Rohde & Schwarz Networks and Cybersecurity will end the "Beschleunigte Sicherheitszertifizierung" (BSZ) of the BSI for LCOS FX 10.11 RU4 (for UF-360) and strongly recommends updating to one of the error-corrected versions.

All other R&S Networks and Cybersecurity hard- and software products are not affected by the security vulnerability.


Vulnerability in SSH server Dropbear - CVE-2025-14282

A security vulnerability has been published in the media in the Dropbear SSH server, allowing an attacker to expand rights in the system (see CVE-2025-14282).

Dropbear is partly used in our products. However, our analysis has shown that the affected versions are not used.

R&S Networks and Cybersecurity products are therefore not affected by this vulnerability.


strongSwan vulnerability - CVE-2025-62291

On 27.10.2025, the strongSwan developers published a blog post regarding a security vulnerability in the eap-mschapv2 plugin in strongSwan, which could potentially be used to execute any code (Remote Code Execution) via a buffer overflow (CVE-2025-62291).

LANCOM R&S®Unified Firewalls with LCOS FX use strongSwan, however the affected eap-mschapv2 plugin is not used. Therefore, LANCOM R&S®Unified Firewalls with LCOS FX are not affected by the security vulnerability.

All other LANCOM hardware and software products don’t use strongSwan and are therefore also not affected by the security vulnerability.


Security vulnerability in Redis - CVE-2025-62507

Articles regarding a security vulnerability in Redis were published in the media (Security Advisory on Github), which could potentially be used to execute any code (Remote Code Execution) via a buffer overflow (CVE-2025-62507).

R&S®LANCOM Unified Firewalls with LCOS FX use Redis in an unaffected version and are therefore not affected by the security vulnerability.

All other R&S Networks and Cybersecurity hardware and software products don’t use Redis and are therefore also not affected by the security vulnerability.


Security vulnerability in Squid - CVE-2025-62168

On 12.09.2025, the Squid developers published a Security Advisory regarding a security vulnerability, through which attackers could gain access to login credentials of authenticated users (CVE-2025-62168).

R&S®LANCOM Unified Firewalls with LCOS FX use Squid in an affected version. However, the integrated error pages do not allow exploitation of the vulnerability, and the error pages also cannot be modified by the administrator. Therefore, R&S®LANCOM Unified Firewalls with LCOS FX are not affected by the security vulnerability.

All other R&S Networks and Cybersecurity hardware and software products don’t use Squid and are therefore also not affected by the security vulnerability.


“RediShell“ security vulnerability (CVE-2025-49844)

On 03.10.2025, the developer of the database Redis published a Security Advisory regarding a security vulnerability, through which attackers could cause a “use-after-free“ by means of a specially prepared Lua script and thereby potentially execute arbitrary code (CVE-2025-49844).

R&S®LANCOM Unified Firewalls with LCOS FX use Redis in an affected version and are therefore affected by the security vulnerability. However, communication with the Redis database is only possible on the Cluster link between two Unified Firewalls in an HA cluster and is therefore not accessible from the Internet or from the LAN.

As the Cluster link of an HA cluster is especially protected (direct cable connection), Rohde & Schwarz Networks and Cybersecurity classifies the risk in this scenario as noncritical. Due to this reason, there won't be a backport to LCOS FX 10.13. The security vulnerability has been fixed in LCOS FX 11.1 RU6 (download). An update for LCOS FX-I will be published as LCOS FX-I 1.2 RU2.

All other R&S Networks and Cybersecurity hardware and software products don’t use the service Redis and are therefore not affected by the security vulnerability.


Privilege Escalation in the MSI installer of the Advanced VPN Client / LTA Client

Our OEM partner NCP has reported a security vulnerability in the Advanced VPN Client / LTA Client, through which attackers could gain administrative rights and execute arbitrary code on systems with Windows 10 during the installation, an update or the deinstallation.

Our OEM partner has already fixed the security vulnerability. Rohde & Schwarz Networks and Cybersecurity has made the error-corrected version 6.24 available for download.

The security vulnerability cannot be exploited under Windows 11. For customers who still work with older Windows versions, Rohde & Schwarz Networks and Cybersecurity strongly recommends performing an update to the error-corrected version 6.24 or upgrading the systems to Windows 11.


Heap Buffer Overflow in Squid - CVE-2025-54574

On 01.08.2025, a security vulnerability in Squid was published (CVE-2025-54574), which can be used to carry out a DoS (denial of service) attack via “heap buffer overflow” and potentially also execute arbitrary code (remote code execution).

R&S®LANCOM Unified Firewalls with LCOS FX use Squid in an affected version and are thus affected by the security vulnerability.

Rohde & Schwarz Networks and Cybersecurity has already fixed the security vulnerability and provides the corresponding software versions for download:

  • LCOS FX 11.1 SU5 (download)
  • LCOS FX 10.13 SU9 (download)
  • LCOS FX-I 1.2 RU1 (please contect your project representative regarding the download)

All other R&S Networks and Cybersecurity hardware and software products do not use the service Squid and are therefore not affected by the security vulnerability.


VU#767506: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

On 13.08.2025 Israeli security researchers published information regarding the “MadeYouReset” vulnerability (CVE-2025-8671), through which a web server with HTTP/2 support can be forced to end a stream with an RST by means of invalid packets. This can be used for DoS attacks (Denial of Service) on web servers with HTTP/2 support.

R&S Networks and Cybersecurity hardware and software products are not affected by this vulnerability.


Operation of the LW-500 disrupted by IPv4 and IPv6 packets with incomplete headers in the LAN

Thanks to customer feedback, we were able to resolve a problem with the LANCOM LW-500 access point. It affected IPv4 and IPv6 packets with incomplete headers, which stopped the access point from working after a while. The device could only be restarted by interrupting the power supply.

If the behavior described occurs, it can be prevented by disabling hardware-accelerated packet forwarding via command line. Please note that the access point will have a higher processor load when this function is disabled.

The behavior described above could theoretically be exploited for a denial-of-service (DoS) attack if a potential attacker is located in the wired network, which requires physical access to the network. The behavior cannot be triggered via WLAN. Rohde & Schwarz Networks and Cybersecurity therefore considers the risk to be low.

Other access points with LCOS LX are not affected by this behavior.

LCOS LX firmware version 5.36 RU4 has been released for the LW-500 (download). The firmware contains a function that can be used to disable hardware-accelerated packet forwarding.

Instructions for activating and deactivating the function can be found in the release notes for LCOS LX 5.36 RU4 on page 4.


IngressNightmare security vulnerability in NGINX

The security researchers from Wiz, Inc published information regarding a security vulnerability in NGINX on 24.03.2025. This affects the vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. Through this, attackers could execute any code without authenticating themselves (RCE).

The Public R&S®LMC as well as all Private R&S®LMC instances were updated as soon as Rohde & Schwarz Networks and Cybersecurity gained knowledge of this security vulnerability, so that the vulnerability cannot be exploited.


VU#199397: Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)

The security researchers Mathy Vanhoef and Angelos Beitis have discovered vulnerabilities in the tunneling protocols GRE, GUE, IPIP, 4in6 and 6in4. Among other things, attackers could gain access to a private network of an organization or execute Denial of Service attacks.

As this is a vulnerability in the tunneling protocols themselves, it depends on the device configuration, if the devices are affected by these vulnerabilities or not.

The operating systems LCOS FX, LCOS LX, LCOS SX as well as the LANtools and the R&S®LMC are not affected by these vulnerabilities, as they don’t support tunneling protocols.

The operating system LCOS supports the tunneling protocols GRE, IPIP, 4in6 and 6in4. However, the tunneling protocol IPIP is only supported within an encrypted IPSec tunnel and therefore cannot be exploited. With default settings tunneling protocols are not active, so that routers with LCOS are not affected without corresponding configuration changes


Security vulnerability in Qualcomm chipsets - CVE-2024-43047

In a Security Bulletin Qualcomm has published the security vulnerability CVE-2024-43047, through which attackers can corrupt memory and potentially execute arbitrary code by means of a "Use-After-Free". In the Security Bulletin Qualcomm also announces (under "Announcements"), that the vulnerability is already being actively exploited.

R&S Networks and Cybersecurity hardware and software products are not affected by this vulnerability.

Security vulnerability in the webinterface of LCOS devices (Heap Overflow)

On 05.09.2024, the company SSD Secure Disclosure published information regarding a security vulnerability in LCOS, through which an attacker could trigger a “Heap Overflow” in the webinterface. This leads to an unexpected reboot of the device (DoS attack).

Communication between LCOS devices and the R&S®LMC is not affected by this behavior, as the LCOS devices initiate the communication.

Rohde & Schwarz Networks and Cybersecurity has already fixed the security vulnerability and has made the error-corrected versions available to download in the download area. Rohde & Schwarz Networks and Cybersecurity strongly recommends to update the firmware on your devices. The expected availability date of the error-corrected firmware versions in the Auto Updater will be the middle of Calendar Week 38.

  • Current Firmware versions:
  • In addition, Rohde & Schwarz Networks and Cybersecurity also provides the following EOL firmware versions:

Until the error-corrected firmware has been uploaded to the router, the web server services should be deactivated for the WAN interface (Section 3) and the feature IPSec-over-HTTPS should be deactivated, too. Please note, that in doing so, VPN connections can only be established via IPSec and some Advanced VPN Client connections may not work anymore.

The web server services cannot be disabled in Public Spot scenarios without deactivating the Hotspot feature. For Public Spot scenarios, Rohde & Schwarz Networks and Cybersecurity therefore recommends to immediately upload the error-corrected firmware to the device.

Rohde & Schwarz Networks and Cybersecurity recommends to prohibit access to the router from the WAN or limit access to VPN connections (Section 1) or at least restrict access to specific networks and/or IP addresses (Section 2).

 


Vulnerability in RADIUS Protocol (VU#456537)

Alan de Kok (founder and head of FreeRADIUS) has published information on a vulnerability in the RADIUS protocol (VU#456537)). This allows an attacker using RADIUS/UDP to convert an "Access-Reject" from the RADIUS server into an "Access-Accept" for the requesting device via a man-in-the-middle attack. This results in the requesting device gaining access to the network.

In general, the vulnerability on the RADIUS server must be rectified. For devices that function as RADIUS clients, the "message authenticator" forcing can optionally be activated. 

LANCOM R&S®Unified Firewalls with LCOS FX are not affected by this behavior, as they can only be used as RADIUS clients for IKEv2 in conjunction with EAP. EAP can be used. EAP requires the presence of the "Message Authenticator". The R&S®LANCOM Advanced VPN Client is also not affected by this behaviour.

R&S®LANCOM routers and access points with LCOS, R&S®LANCOM Access Points with LCOS LX and R&S®LANCOM Switches with LCOS SX are affected by this behavior. 
The vulnerability has been fixed in the following firmware versions (RADIUS server) or can be mitigated via the "Require Message-Authenticator" function (RADIUS client):

LCOS (RADIUS server and client):

LCOS LX (RADIUS client):

  • LCOS LX 6.20 Rel - release expected in August 2024 

LCOS SX (RADIUS client):

Further recommendations for action regarding this security gap can be found in this Knowledge Base article.


regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)

On 01.07.2024, the Qualys Threat Research Unit published information regarding a security vulnerability in OpenSSH server on glibc-based Linux systems, through which attackers could execute arbitrary code (Remote Code Execution).

LANCOM Hardware and Software products are not affected by this security vulnerability, as the OpenSSH server is either not used at all or not used in an affected version.


Linux Kernel Use-After-Free Vulnerability (CVE-2024-1086)

A security vulnerability was published in the media, through which an attacker could gain root permissions in Linux (CVE-2024-1086).

R&S®LANCOM routers and access points with LCOS as well as switches with LCOS SX 3.xx are not affected by this vulnerability, as Linux is not used.

LANCOM R&S®Unified Firewalls with LCOS FX, R&S®LANCOM Access Points with LCOS LX as well as R&S®LANCOM Switches with LCOS SX 4.xx and 5.xx use Linux. However, according to our analysis, they are not affected by the security vulnerability.


Use After Free with SSL_free_buffers in OpenSSL (CVE-2024-4741)

On 28.05.2024, the OpenSSL project published a security vulnerability in OpenSSL, through which attackers could carry out various attacks (executing arbitrary code, DoS attacks, manipulating data).

R&S®LANCOM routers and access points with LCOS are not affected by the vulnerability, as the TLS stack in OpenSSL is not used in LCOS.

LANCOM R&S®Unified Firewalls with LCOS FX, R&S®LANCOM Switches with LCOS SX 3.xx / 4.xx / 5.xx as well as R&S®LANCOM Access Points with LCOS LX use OpenSSL in an affected version. However, the function “SSL_free_buffers” is not actively used in these operating systems, so that they are not affected by this security vulnerability.


Cuttlefish malware in Linux

On 01.05.2024, the Black Lotus Labs team of Lumen Technologies published information regarding the Cuttlefish malware, which targets network devices operated with Linux. With this malware, attackers can potentially read all network traffic on affected devices.

R&S®LANCOM routers and access points with LCOS as well as switches with LCOS SX 3.xx cannot be infected by this malware, as Linux is not used.

LANCOM R&S®Unified Firewalls with LCOS FX, R&S®LANCOM Access Points with LCOS LX as well as R&S®LANCOM Switches with LCOS SX 4.xx and 5.xx use Linux, however there is no known attack vector to place the malware on the devices.


5Ghoul security vulnerability in Sierra Wireless EM9191 5G modems (CVE-2023-33042 to CVE-2023-33044)

The media published information regarding the 5Ghoul security vulnerability in 5G modems through which attackers can execute denial-of-service attacks (DoS). According to the manufacturer Sierra Wireless, the 5G modem EM9191 used by Rohde & Schwarz Networks and Cybersecurity reacts to the vulnerabilities CVE-2023-33042, CVE-2023-33043 and CVE-2023-33044.

The following LANCOM 5G routers are affected by the security vulnerability. Rohde & Schwarz Networks and Cybersecurity has fixed the vulnerability in the WWAN firmware 03.14.10.01. Due to compatibility reasons, Rohde & Schwarz Networks and Cybersecurity recommends to perform an update to LCOS 10.80 RU5 as well. Both firmware versions are available in our download portal.

  • 1926VAG-5G
  • 1900EF-5G
  • 1800EF-5G (up to and including HW release B)

All other LANCOM 5G routers are not affected by the security vulnerability.


Tunnelvision vulnerability (CVE-2024-3661)

On 06.05.2024, the Leviathan Security Group published information regarding the Tunnelvision vulnerability (CVE-2024-3661), which targets end devices with VPN clients. Through this, attackers can assign end devices a static route together with an IP address via the DHCP option 121. In doing so, data traffic bypasses the VPN tunnel and attackers can read the data traffic.

This vulnerability uses the routing in the operating systems of the end devices as an attack vector. Therefore, LANCOM routers, access points, LANCOM R&S®Unified Firewalls as well as the R&S®LMC are not affected.

The Advanced VPN Client / LANCOM Trusted Access Client is affected by this vulnerability. However, attackers can only read the initial message of the VPN connection setup. As the company network cannot be reached via the routing entry assigned by the attackers, no communication with this network is possible.

Rohde & Schwarz Networks and Cybersecurity recommends the following countermeasures:

  • In public networks, Split Tunneling should not be used and instead all traffic should be routed via the VPN tunnel (option All through the tunnel in the Advanced VPN Client in the used profile under Split Tunneling or All network traffic (LANCOM Trusted Internet Access - Full Tunnel) in the configuration of the LANCOM Trusted Access Client under Security - LANCOM Trusted Access - Client configuration).
  • On a mobile phone, a hotspot can be established and the notebook can be connected to the hotspot. As the network is controlled by the mobile phone, attackers should not have access to this network. If the notebook features an integrated cellular modem, it can also be connected directly with the Internet.

SSID Confusion Attack – CVE-2023-52424

On 14.05.2024 the security researcher Mathy Vanhoef published information regarding a vulnerability in the Wi-Fi standard in his paper SSID Confusion: Making Wi-Fi Clients connect to the Wrong Network. It describes, how an attacker can direct a Wi-Fi client to another SSID on a „Rogue AP“ via a man-in-the-middle attack, if the same login credentials are used (this configuration is sometimes used in eduroam scenarios).

In his paper Mathy Vanhoef reports, that some VPN clients deactivate the VPN connection in known/secure networks. As a result supposedly secure communication can be recorded by an attacker. The Advanced VPN Client / LANCOM Trusted Access Client also uses a mechanism to recognize known/secure networks, however it does not work based on wireless networks (SSIDs). Therefore, the behavior observed by Mathy Vanhoef cannot occur with the Advanced VPN Client / LANCOM Trusted Access Client.

As this is a vulnerability in the Wi-Fi standard, it can also be exploited with R&S Networks and Cybersecurity products when using 802.1X and under certain conditions also WPA3. If the Wi-Fi standard is updated, Rohde & Schwarz Networks and Cybersecurity will make adjustments in the firmware as quickly as possible.

Rohde & Schwarz Networks and Cybersecurity therefore recommends using WPA2 or – if possible – using Wi-Fi networks with different login credentials.


Password of the administrator „root“ is reset after writing a full configuration with a further administrator

Through customer feedback we were able to fix a security flaw in LCOS, through which the password of the administrator “root” is reset – and therefore deleted - after writing a full configuration (e.g. an *.lcf file) with a further administrator with supervisor rights.

LCOS is affected as of version 10.80 RU1 by this security flaw. Lower LCOS versions as well as other LANCOM operating systems are not affected. The behavior has been fixed in the LCOS version 10.80 SU4.

Unauthorized access to the router from the WAN (Internet) is not possible through this security vulnerability.

In Public Spot scenarios with a separate guest network with VLAN or a WLC-Tunnel management access from the guest network to the access points is not possible and therefore the risk is eliminated.


Security vulnerability fixed in LCOS 10.80 SU4:

Rohde & Schwarz Networks and Cybersecurity strongly recommends to install the error corrected LCOS version 10.80 SU4 (download).


Information on the vulnerability "HTTP/2 CONTINUATION Flood" (VU#421644)

The media report on a security vulnerability in which the unauthorised processing of HTTP/2 headers and continuation frames enables DoS attacks based on network bandwidth or CPU utilisation.

The details of this vulnerability are summarised in the blog of security researcher Bartek Nowotarski.

LANCOM software and hardware products are not affected by this vulnerability, as the HTTP/2 protocol is not used there.


Information regarding the „Backdoor in the XZ Utils (CVE-2024-3094)“

On 29.03.2024, information regarding a backdoor in the XZ Utils was published (CVE-2024-3094), through which attackers could execute their own code (Remote Code Execution).

LANCOM hardware and software products are not affected by this vulnerability.