beroNet team discovered a major security issue that gives anyone with HTTP access to your VoIP Gateway the ability to access the device’s configuration files. At this time we believe that all current 2.x and 3.x Firmware versions are affected.
Please note: for this to be a major security issue HTTP access to the gateway is required. Most beroNet Gateways are installed behind a firewall and the HTTP port should only be accessible by authorized administrators. The Firmware provides an ACL configuration allowing you to restrict access.
To repair this issue, please update your VoIP Gateway to Firmware 3.0.15.