This article describes the encryption change since firmwares 22.1s3 and 14.9s3 and its consequences.
It also provides recommendations if you're using backups/config files to configure your devices.
APPLICABLE PRODUCTS
Cosy+, Flexy, Cosy131
ISSUE
As seen in CVE-2024-33895, the firmware key used to encrypt configuration parameters for devices running a firmware below 22.1s3 and 14.9s3 could be read.
This symmetric key is used to encrypt/decrypt passwords of backup/config files (adm, Wifi PSK, FTP Server, ...).
It is common to all Ewon devices (Cosy+/Flexy/Cosy131).
This issue has been fixed in firmwares 22.1s3 and 14.9s3.
COUNTERMEASURES
Since firmwares 22.1s3 and 14.9s3, we changed the way passwords are encrypted (marker #_5 to #_6) by using a unique key per device instead of one key shared by all devices.
For devices running an older firmware, passwords are re-encrypted on the fly when upgrading.
Passwords are also re-encrypted if you restore a backup/config file coming from a device running an older firmware (old #_5 encryption).
CONSEQUENCES
- Passwords from a backup/config file generated by an Ewon running firmware >= 14.9s3/22.1s3 cannot be restored on another Ewon, because they are encrypted with that device's own key.
- Passwords from a backup/config file generated by an Ewon with a new firmware (from 22.1s3 or 14.9s3) cannot be restored on an Ewon running an old firmware (the new #_6 encrypted value will be treated as the clear-text password).
RECOMMENDATIONS
- Do not store your backup/config files or eCatcher Easy Setup files in an unsafe place.
- If you need to restore the same backup/config file on multiple Ewons, either:
  - Remove the #_6 passwords from the backup/config file or replace them with a password in clear text (for more security, set new passwords from the web interface of the device afterwards), or
  - Use a backup/config file generated with the old encryption (from an Ewon running fwr < 14.9).
(To edit a .tar backup file, open the backup with 7-Zip and edit the config.txt/comcfg.txt files from there. After saving the txt files from your text editor, 7-Zip will prompt you to save the update in the tar file.)
Below you'll find the list of all the parameters (mainly passwords) whose values need to be removed from a backup file so that it can be restored on another Ewon:
- FtpPassword
- SmtpAuthPass
- DMClientPwd
- VPNSecretKey
- PPPClPassword1
- PPPClPassword2
- CBDDnsPass
- DefAdmPass
- WANPxyPass
- AdslPass
- PIN
- WifiPSK
- UsbIpPwd
- BoltCfgPassword
Additionally, you will have to do one of the following:
- delete all users in the UserList (in the file config.txt), but this way you will lose all users (except the default adm/adm), or
- replace all #_6 passwords with clear-text passwords.
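The clean-up above is easy to get wrong by hand when a backup holds many parameters, so here is an added helper script that applies it to a config.txt. It is example code written for this article, not an Ewon/HMS tool. It assumes config.txt lines have the form Key:Value, that per-device encrypted values start with the #_6 marker as described above, and that a parameter line dropped from the file leaves the device's current setting untouched; the sample config and its values are constructed, and the "SomeUserEntry" line only stands in for a UserList entry, whose real layout is not shown here.

```python
"""Prepare an Ewon backup config.txt for restoration on a different device.

Added example, not Ewon/HMS code. Assumptions (see lead-in):
  - one parameter per line, written as  Key:Value ;
  - values encrypted with the per-device key start with "#_6";
  - a parameter that is absent from config.txt keeps the target
    device's current value, so dropping the line is safe.
"""
import sys

# Parameters whose #_6 values must be removed before restoring on another
# Ewon: the list given in the article above.
DEVICE_BOUND_PARAMETERS = (
    "FtpPassword", "SmtpAuthPass", "DMClientPwd", "VPNSecretKey",
    "PPPClPassword1", "PPPClPassword2", "CBDDnsPass", "DefAdmPass",
    "WANPxyPass", "AdslPass", "PIN", "WifiPSK", "UsbIpPwd", "BoltCfgPassword",
)

NEW_MARKER = "#_6"   # per-device encryption since 22.1s3 / 14.9s3
OLD_MARKER = "#_5"   # shared-key encryption; the device re-encrypts it on restore

# Constructed sample backup (values are made up, not real encrypted data).
SAMPLE_CONFIG = """Identification:my-ewon
FtpPassword:#_6a1b2c3d4
SmtpAuthPass:#_5legacyvalue
WifiPSK:#_6e5f6a7b8
WANPxyPass:#_6c9d0e1f2
SomeUserEntry:#_6f3a4b5c6
SmtpServer:mail.example.invalid
"""


def sanitize_config(text, replacements=None):
    """Return (cleaned_text, report) for the contents of a config.txt.

    - A listed parameter carrying a #_6 value is dropped, or rewritten with
      the clear-text password given in `replacements` (set a new one from
      the web interface afterwards, as the article recommends).
    - Any other line still containing #_6 (typically a UserList entry) is
      kept as-is but reported, so the operator removes or edits it by hand.
    - #_5 values are kept: the target device re-encrypts them on restore.
    """
    replacements = replacements or {}
    cleaned = []
    report = {"removed": [], "replaced": [], "needs_manual_edit": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition(":")
        if sep and value.startswith(NEW_MARKER) and key in DEVICE_BOUND_PARAMETERS:
            if key in replacements:
                cleaned.append(f"{key}:{replacements[key]}")
                report["replaced"].append(key)
            else:
                report["removed"].append(key)  # whole line dropped
            continue
        if NEW_MARKER in line:
            # Not one of the listed parameters: flag it rather than guess.
            report["needs_manual_edit"].append((lineno, line))
        cleaned.append(line)
    return "\n".join(cleaned) + "\n", report


def residual_markers(cleaned_text):
    """Line numbers of the cleaned text that still carry a #_6 value."""
    return [n for n, l in enumerate(cleaned_text.splitlines(), 1) if NEW_MARKER in l]


if __name__ == "__main__":
    # Usage: python prepare_backup.py config.txt > config.cleaned.txt
    # Without an argument the constructed sample is processed.
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    out, rep = sanitize_config(source)
    sys.stdout.write(out)
    for key in rep["removed"]:
        sys.stderr.write(f"removed {key} (#_6 value, set it again on the target device)\n")
    for lineno, line in rep["needs_manual_edit"]:
        sys.stderr.write(f"line {lineno} still holds a #_6 value, edit or delete it: {line}\n")
```

Run the cleaned output through a last check (residual_markers) before putting it back into the .tar with 7-Zip: anything still carrying #_6 will be taken as a clear-text password by an old firmware, or simply fail to decrypt on a different device.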
Here's an example with two users. Each line containing a user must be removed or edited:
