Ewon Security Attention Point
Ewon reference: Webserver - The communication to the Ewon device is unencrypted when used without Talk2M.
Concerned devices: All
Concerned firmware versions: All
The Ewon devices have been designed to be used in combination with a VPN solution in order to provide secure access to customer machines.
So by design, the Ewon web management console and the FTP communication flows, when accessed locally, are not encrypted.
As soon as you use our free VPN service, Talk2M, the traffic is encrypted, which will ensure confidentiality and integrity of your data.
As a rule, we recommend:
- to avoid making Ewon devices being directly reachable from non-trusted user by using a firewall and an access control policy
- use a secure remote access solution like Talk2M (https://www.ewon.biz/cloud-services/talk2m)
Raised by: Tijl Deneut - Howest (UGent) & Tony Gee - PentestPartners