General security information


Reports about the security loophole “Foreshadow”

(Last update 17.08.2018)

On August 14, 2018, the media reported a vulnerability named “Foreshadow”, which is particularly critical for cloud servers.


LANCOM devices are not affected by this vulnerability because foreign code cannot be run on LANCOM products.


Operators of virtual server environments such as vmWare, which support the operation of the LANCOM vRouter, LMC private, LSM and LSR, among others, are strongly recommend to implement the relevant manufacturer updates as soon as possible. We provide an article with recommendations for action in our Knowledge Base.


Due to importance of security implications, LANCOM Systems updates their systems as soon possible once manufacturer patches become available.


New reports of vulnerability in WPA2 encryption

On August 7, 2018, the first media reports appeared about a seemingly new vulnerability in the WPA2 encryption of Wi-Fi networks . However, the method described does not address a new vulnerability, it merely represents a simplified attack on an already known WPA2 vulnerability.


We therefore recommend that all customers who operate LANCOM devices with WPA2-PSK use passwords that are as complex as possible. LANCOM installations with WPA2-Enterprise are NOT affected by this attack.


Furthermore, we are currently preparing a new release that contains the new Wi-Fi security standard WPA3. This will be available later this summer with the release of LCOS 10.20.


VPNFilter: LANCOM devices are protected against malicious software

On Mai, 3rd 2018 the media published information reporting an infection of at least 500,000 routers and storage devices with a malicious software in at least 54 countries.


According to our current comprehensive analysis, LANCOM devices are not affected as LANCOM components use their own operating system (LCOS).


We recommend to update the software of Linux-based host systems for virtual machines, that are are used for the LANCOM vRouter and can be accessed directly from the Internet.


References (external links):




Spectre and Meltdown: LANCOM devices are not affected

(Last update 08.01.2018)

On January 4th, 2018, the media reported a serious security vulnerability in processors of various manufacturers, through which attackers can read out sensitive data.


LANCOM devices are not affected by this vulnerability because no foreign code can be executed on LANCOM products.


For operators of virtual server environments, e.g. vmWare on which LANCOM vRouters, LMC private, LSM and LSR can be operated, we recommend to update the environment with the relevant manufacturer updates.


Due to its high security relevance, LANCOM Systems immediately brings the LANCOM Management Cloud (LMC) systems up to date as soon as a manufacturer patch is available. This process has already started on 05.01.2018 and currently all available patches have been recorded.


LCOS Security Updates now available

As of now LCOS Security Updates for LANCOM routers, gateways, access points, and WLAN controllers are available for download.


The updates fix a security-related vulnerability in the management functionalities.

Potentially affected are all devices running the following firmware versions:


  • LCOS 10.12 REL, SU1, RU2

  • LCOS 10.10 RU2, 10.10.0165 PR, 10.10 RU4

  • LCOS 9.24 RU6, SU7, RU8


This update is recommended for these devices. All other versions are not affected.


Important security notice about KRACK in the context of P2P and WDS

(Update from 23.10.2017 – security updates available)

In addition to the usual operating modes within buildings, LANCOM access points enable the establishment of radio links or wireless distribution systems (WDS). Corresponding point-to-point or point-to-multipoint connections (P2P) are generally used in outdoor installations, among other things for broadband provision or the networking of open spaces.


The handshake method used to connect an access point with a WLAN client is also used for P2P scenarios, so in principle these installations are also prone to the WPA-2 vulnerability. However - partly due to the lack of roaming - the execution of an attack would be far more complex, so in effect the actual risk of attack is extremely low. Nevertheless, access points in P2P and WDS installations should also be updated as soon as patches become available.


Please install appropriate LCOS security updates for your access points and WLAN routers (download area).


Find more infos on our FAQ page

Overview - Recommended actions for LANCOM devices


Krack: Important notice about the security loophole in WPA-2

(Update from 23.10.2017 – security updates available)

At the previous weekend, the first reports appeared about a security vulnerability named “KRACK” that relates to the WPA2 encryption of Wi-Fi products. Under particular conditions, Wi-Fi data may be intercepted by unauthorized parties.


The attack targets the WPA authentication handshake and it specifically concerns 802.11r (Roaming Acceleration), Station Mode (Wi-Fi client mode, AutoWDS), and the 802.11s standard. It exploits an inexactness in the protocol specification and basically affects all manufacturers who support the corresponding protocols and operating modes.


An attack intercepts the connection between exactly one client and its access point or WLAN router (unicast). In principle, group keys for broadcast and multicast traffic are vulnerable too, but they are often filtered, converted into unicast, and they usually do not contain sensitive data.


802.11s is not supported by LANCOM Wi-Fi products. The 802.11r and Station Mode features in our products are deactivated by default. All LANCOM products for which these parameters and operating modes have not explicitly been enabled are unaffected by KRACK. Also, by default LANconfig, WEBconfig and the LANCOM Management Cloud do not activate these functions.


However, internal tests have shown that LANCOM Wi-Fi devices with 802.11r manually or subsequently activated are potentially vulnerable to KRACK. The same applies to 802.11ac access points or routers in station mode and P2P routes.


Please install appropriate LCOS security updates for your access points and WLAN routers (download area).


LANCOM products are not affected by the other vulnerabilities exploited by KRACK.


Also, please check with the manufacturer of your Wi-Fi clients for the availability of updates. These devices need to be updated too. However, a compromised client presents no threat to any other clients.


Find more infos on our FAQ page

Overview - Recommended actions for LANCOM devices


CherryBlossom: LANCOM WLAN routers & access points secure against CIA exploits

On Thursday, Wikileaks revealed a CIA spy tool codenamed "CherryBlossom". Wi-Fi devices from numerous manufacturers have been compromised by the injection of manipulated firmware.


According to the documents now published, CherryBlossom infects Wi-Fi routers and access points is capable of passing on sensitive data and information to third parties, including passwords.


LANCOM WLAN routers and access points are not affected by CherryBlossom. The tool is a Linux-based program that only runs on the corresponding devices. All LANCOM WLAN devices use the LANCOM closed-source operating system LCOS, and as a consequence it cannot be run on LANCOM devices.


More information about CherryBlossom and a list of affected manufacturers and models is available on the relevant Wikileaks page:



Worldwide hacker attack on DSL devices: LANCOM routers unaffected

UPDATE 12/01/2016

Over the past few days the media has been reporting on an apparently worldwide attack on DSL routers via the TR-069 remote management port. One effect of this was that customers of Deutsche Telekom have suffered connection failures on a massive scale.


LANCOM routers were unaffected by these attacks. By default, our routers do not support the TR-069 remote management protocol. This is only used if customers explicitly request it. To the best of our knowledge, no impairments have been experienced here either.


Detailed information about the attack is available from


Security vulnerability glibc: LANCOM routers and switches are secure

Currently media reports are publicizing the threat from the glibc vulnerability in Linux networking software.


LANCOM routers are not affected by this security vulnerability as they do not use a Linux-based operating system. LANCOM routers exclusively use the closed-source operating system LCOS. The glibc library is not used in LANCOM routers and a proprietary process is used for DNS resolution. With LANCOM switches the glibc library is also not used.


Since the LANCOM Management Systems Large Scale Monitor (LSM) and Large Scale Rollout (LSR) are operated under Linux, LANCOM Systems recommends upgrading the linux-own glibc library on these systems. Instructions are available in the following KnowledgeBase article.


UPDATE Security Advisory: Potential vulnerability of SSH- and SSL keys

November 2015 the German news channel heise online published this article on the potential vulnerability of SSH- and SSL keys (German only):


To sum it up, millions of IT products are potentially vulnerable to so-called "Man-in-the-Middle" attacks when being accessed via the management protocols SSH and SSL. An attacker recording the respective data traffic (configuration and access data) can thus be enabled to decrypt transmitted data. This is due to the industry-wide practice that the underlying keys and certificates are not individually assigned per device but rather identical for product families. Such an attack cannot be conducted trivially and is adhered to further conditions.


This is an industry-wide security issue of which all renowned vendors are affected - so is LANCOM Systems.


LANCOM System offers free LCOS Security Updates which execute an automatic creation of individual SSH- and SSL keys for each device, if such keys are not already active in the device.


According to present knowledge, this vulnerability has not been exploited for an attack so far. LANCOM Systems still assesses this threat as medium and recommends to check whether your products are potentially affected and to implements the described measures.


This KnowledgeBase article comprises a list of all LANCOM devices with guidances for the creation of individual SSH- and SSL keys.


The described measures will fix this vulnerability.