by Excellium SA

Abstract Advisory Information

The communication between the access unit and a web relay is prone to Man in the Middle (MitM) attack if the attacker can impersonate the IP of the web relay.

Authors: Rémy Grandin

Version affected

Name: Access Unit 2.0

Versions: Firmware

Common Vulnerability Scoring System




Vulnerability Disclosure Timeline

  • 15/03/2021: Vulnerability discovery
  • 07/04/2021: Vulnerability Report to CERT-XLM
  • 07/04/2021: Vulnerability Report to 2N Technical Support
  • 07/04/2021: 2N Technical support acknowledgment
  • 15/04/2021: Request CVE IDs to Mitre
  • 19/04/2021: Provided CVE ID to 2N Technical Support
  • 08/06/2021: 2N Provides good technical reasons and will fix the vulnerability. Extend time before disclosure +90 days from now
  • 16/06/2021: 2N tells that a fix will not be ready until the end of the year
  • 12/08/2021: Expected Vulnerability disclosure