All security bulletins

  • Ewon Security Enhancement (FW 11.2s2)

    eWON reference: Webserver - eWON authentication mechanism improvement

    Affected devices: All
    Affected firmware versions: All

    Description:
    A non-authenticated user could get access in read only to some eWON device information.

    Read more...
  • DROWN OpenSSL Vulnerability

    On March 1st, 2016, a potential vulnerability (CVE-2016-0800) nicknamed DROWN was disclosed in OpenSSL regarding the support for SSLv2. This vulnerability mostly affects secure web sites (HTTPS).

    Are the eWON products and the Talk2M platform affected by DROWN?

  • eWON Security Enhancement (FW 10.1s0)

    eWON SECURITY ENHANCEMENT Ref: #7529-01

     

    eWON Reference: eWON Login Session Improvement 

    Affected devices: All eWON devices

    Affected firmware versions: All firmware versions inferior to 10.1s0

    Impact/description:

    The log off button displays a message recommending the user to close the browser to completely invalidate session. The session remains indeed active until the browser is closed. 

  • POODLE vulnerability & eWON

    On Wed Oct 15, a potential vulnerability (CVE-2014-3566) nicknamed POODLE was disclosed in the SSLv3 protocol, a part of the SSL security protocol responsible for securing many types of Internet connections, including secure web sites (HTTPS).

    Are the eWON products and the Talk2M platform affected by POODLE?

  • eWON Security Enhancement

    In eCatcher, for concerned devices, registration using the activation key mechanism is not possible if the eWON is already linked to a Talk2M account...
  • ShellShock vulnerability & eWON

    On Thu Sep 25, major vulnerability (CVE-2014-7169) nicknamed ShellShock was disclosed in Bash, a standard module of Linux systems, affecting most Linux servers on the planet, such as web servers.

    The Talk2M servers are not affected by this vulnerability but since security is our primary concern, we patched all our servers only a few hours after the vulnerability was disclosed, that is in Day 0, thereby ensuring that the Talk2M infrastructure remains safe.