VDE-2020-018
Last update
06/02/2020 10:42
Published at
06/02/2020 10:42
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2020-018
CSAF Document
Summary
FL MGUARD, TC MGUARD, TC ROUTER and TC CLOUD CLIENT devices are affected by a buffer overflow vulnerability within the PPP service.
The PPP service is not active by default, but is used commonly at TC ROUTER, TC CLOUD CLIENT.
It is also running in the following FL MGUARD and TC MGUARD configurations:
• Mobile data connection
• Router mode "Modem"
• Router mode "PPPoE"
• L2TP over IPsec
Malicious PPP peers could try to exploit the vulnerability from remote.
Impact
Attackers may either crash the PPP service or execute code with system permissions.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 2702547 | FL MGUARD CENTERPORT | Firmware <8.8.2 |
| 2702831 | FL MGUARD CORE TX VPN | Firmware <8.8.2 |
| 2700967 | FL MGUARD DELTA TX/TX | Firmware <8.8.2 |
| 2700968 | FL MGUARD DELTA TX/TX VPN | Firmware <8.8.2 |
| 2700197 | FL MGUARD GT/GT | Firmware <8.8.2 |
| 2700198 | FL MGUARD GT/GT VPN | Firmware <8.8.2 |
| 2701275 | FL MGUARD PCI4000 VPN | Firmware <8.8.2 |
| 1073944 | FL MGUARD PCI4000 VPN/K2 | Firmware <8.8.2 |
| 2701278 | FL MGUARD PCIE4000 VPN | Firmware <8.8.2 |
| 1073940 | FL MGUARD PCIE4000 VPN/K2 | Firmware <8.8.2 |
| 2700642 | FL MGUARD RS2000 TX/TX VPN | Firmware <8.8.2 |
| 2702139 | FL MGUARD RS2000 TX/TX-B | Firmware <8.8.2 |
| 2701875 | FL MGUARD RS2005 TX VPN | Firmware <8.8.2 |
| 2700634 | FL MGUARD RS4000 TX/TX | Firmware <8.8.2 |
| 2200515 | FL MGUARD RS4000 TX/TX VPN | Firmware <8.8.2 |
| 2702465 | FL MGUARD RS4000 TX/TX VPN-M | Firmware <8.8.2 |
| 1053403 | FL MGUARD RS4000 TX/TX VPN/K1 | Firmware <8.8.2 |
| 2702259 | FL MGUARD RS4000 TX/TX-P | Firmware <8.8.2 |
| 1073943 | FL MGUARD RS4000 VPN/K2 | Firmware <8.8.2 |
| 2701876 | FL MGUARD RS4004 TX/DTX | Firmware <8.8.2 |
| 2701877 | FL MGUARD RS4004 TX/DTX VPN | Firmware <8.8.2 |
| 2700640 | FL MGUARD SMART2 | Firmware <8.8.2 |
| 2700639 | FL MGUARD SMART2 VPN | Firmware <8.8.2 |
| 1053405 | FL MGUARD SMART2 VPN/K1 | Firmware <8.8.2 |
| 2702886 | TC CLOUD CLIENT 1002-4G | Firmware <2.03.19 |
| 2702888 | TC CLOUD CLIENT 1002-4G ATT | Firmware <2.03.19 |
| 2702887 | TC CLOUD CLIENT 1002-4G VZW | Firmware <2.03.19 |
| 2903441 | TC MGUARD RS2000 3G VPN | Firmware <8.8.2 |
| 1010464 | TC MGUARD RS2000 4G ATT VPN | Firmware <8.8.2 |
| 2903588 | TC MGUARD RS2000 4G VPN | Firmware <8.8.2 |
| 1010462 | TC MGUARD RS2000 4G VZW VPN | Firmware <8.8.2 |
| 2903440 | TC MGUARD RS4000 3G VPN | Firmware <8.8.2 |
| 1010463 | TC MGUARD RS4000 4G ATT VPN | Firmware <8.8.2 |
| 2903586 | TC MGUARD RS4000 4G VPN | Firmware <8.8.2 |
| 1010461 | TC MGUARD RS4000 4G VZW VPN | Firmware <8.8.2 |
| 2702529, 2702531 | TC ROUTER 2002T-3G | Firmware <2.05.5 |
| 2702530, 2702528 | TC ROUTER 3002T-4G | Firmware <2.05.5 |
| 2702533 | TC ROUTER 3002T-4G ATT | Firmware <2.05.5 |
| 2702532 | TC ROUTER 3002T-4G VZW | Firmware <2.05.5 |
Vulnerabilities
Expand / Collapse all
Published
09/22/2025 14:58
Severity
Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
References
Remediation
PHOENIX CONTACT strongly recommends updating the devices to the latest firmware if the devices are used in configurations where PPPD is activated.
| Article No | Article | Affected Versions | Firmware Update |
|---|---|---|---|
| 2200515 | FL MGUARD RS4000 TX/TX VPN | <8.8.2 | Download |
| 2700197 | FL MGUARD GT/GT | <8.8.2 | Download |
| 2700198 | FL MGUARD GT/GT VPN | <8.8.2 | Download |
| 2700634 | FL MGUARD RS4000 TX/TX | <8.8.2 | Download |
| 2700639 | FL MGUARD SMART2 VPN | <8.8.2 | Download |
| 2700640 | FL MGUARD SMART2 | <8.8.2 | Download |
| 2700642 | FL MGUARD RS2000 TX/TX VPN | <8.8.2 | Download |
| 2700967 | FL MGUARD DELTA TX/TX | <8.8.2 | Download |
| 2700968 | FL MGUARD DELTA TX/TX VPN | <8.8.2 | Download |
| 2701275 | FL MGUARD PCI4000 VPN | <8.8.2 | Download |
| 2701278 | FL MGUARD PCIE4000 VPN | <8.8.2 | Download |
| 2701875 | FL MGUARD RS2005 TX VPN | <8.8.2 | Download |
| 2701876 | FL MGUARD RS4004 TX/DTX | <8.8.2 | Download |
| 2701877 | FL MGUARD RS4004 TX/DTX VPN | <8.8.2 | Download |
| 2702259 | FL MGUARD RS4000 TX/TX-P | <8.8.2 | Download |
| 2702465 | FL MGUARD RS4000 TX/TX VPN-M | <8.8.2 | Download |
| 2702547 | FL MGUARD CENTERPORT | <8.8.2 | Download |
| 2702831 | FL MGUARD CORE TX VPN | <8.8.2 | Download |
| 2702139 | FL MGUARD RS2000 TX/TX-B | <8.8.2 | Download |
| 1053405 | FL MGUARD SMART2 VPN/K1 | <8.8.2 | Download |
| 1053403 | FL MGUARD RS4000 TX/TX VPN/K1 | <8.8.2 | Download |
| 1073940 | FL MGUARD PCIE4000 VPN/K2 | <8.8.2 | Download |
| 1073943 | FL MGUARD RS4000 VPN/K2 | <8.8.2 | Download |
| 1073944 | FL MGUARD PCI4000 VPN/K2 | <8.8.2 | Download |
| 2903441 | TC MGUARD RS2000 3G VPN | <8.8.2 | Download |
| 2903588 | TC MGUARD RS2000 4G VPN | <8.8.2 | Download |
| 1010462 | TC MGUARD RS2000 4G VZW VPN | <8.8.2 | Download |
| 1010464 | TC MGUARD RS2000 4G ATT VPN | <8.8.2 | Download |
| 2903440 | TC MGUARD RS4000 3G VPN | <8.8.2 | Download |
| 2903586 | TC MGUARD RS4000 4G VPN | <8.8.2 | Download |
| 1010461 | TC MGUARD RS4000 4G VZW VPN | <8.8.2 | Download |
| 1010463 | TC MGUARD RS4000 4G ATT VPN | <8.8.2 | Download |
| 2702528 | TC ROUTER 3002T-4G | <2.05.5 | Download |
| 2702530 | TC ROUTER 3002T-4G | <2.05.5 | Download |
| 2702529 | TC ROUTER 2002T-3G | <2.05.5 | Download |
| 2702531 | TC ROUTER 2002T-3G | <2.05.5 | Download |
| 2702532 | TC ROUTER 3002T-4G VZW | <2.05.5 | Download |
| 2702533 | TC ROUTER 3002T-4G ATT | <2.05.5 | Download |
| 2702886 | TC CLOUD CLIENT 1002-4G | <2.03.19 | Download |
| 2702887 | TC CLOUD CLIENT 1002-4G VZW | <2.03.19 | Download |
| 2702888 | TC CLOUD CLIENT 1002-4G ATT | <2.03.19 | Download |
And all Innominate derivates of FL MGUARD products.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 06/02/2020 10:42 | Initial revision. |