Digi IX10 User Manual

DIGI INTERNATIONAL

9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 (952) 912-3444 | +1 (877) 912-3444

www.digi.com

Digi Accelerated Linux (DAL) Release Notes

IX-series

Version 21.2.39.67

INTRODUCTION

This is a patch firmware release for all IX-series products. This is a recommended production firmware release

SUPPORTED PRODUCTS

· Digi IX10

· Digi IX14

· Digi IX20/IX20W

· Digi IX20-PR/IX20W-PR

KNOWN ISSUES

· Cellular metrics are not shown under the Settings → Status → Communications section of Digi Remote Manager, but are shown under the Data Streams for the device. [DALP-768]

· Health metrics are uploaded to Digi Remote Manager unless the Monitoring > Device Health > Enable option is de-selected and either the Central Management > Enable option is de-

selected or the Central Management > Service option is set to something other than Digi Remote Manager [DAL-3291]

· Wired Internet connectivity is interrupted during cellular modem firmware updates [DAL-4647]

· The cellular Access technology configuration option is ignored if carrier PLMN locking is

enabled [DAL-4693]

UPDATE BEST PRACTICES

Digi recommends the following best practices:

1. Test the new release in a controlled environment with your application before you update

production devices.

2. Unless otherwise noted, apply updates in the following order:

a. Device firmware b. Modem firmware c. Configuration d. Application

Digi recommends Digi Remote Manager or Digi aView for automated device updates. For more information, follow the instructions for Digi Remote manager or Digi aView in the links below:

1. Instructions for Digi Remote Manager:

96000472_C Release Notes Part Number: 93001321_U Page 1

https://www.digi.com/resources/documentation/digidocs/90001436-13/default.htm#tasks/t_update_device_firmware.htm

2. Instructions for Digi aView:

https://www.digi.com/resources/documentation/digidocs/acl-kb/default.htm#Subsystems/kb-6300-cx/update-firmware.htm

If you prefer manually updating one device at a time, follow these steps:

1. Download the firmware file from the Digi firmware support page.

2. Connect to the device’s web UI by connecting your PC to the LAN Ethernet port of the device

and then going to http://192.168.210.1.

3. Select the System tab on the top navigation bar of the page, then select Firmware Update.

4. Select the Browse button in the Upload file section.

5. Browse for and select the downloaded firmware file.

6. Click the Update Firmware button.

TECHNICAL SUPPORT

Get the help you need via our Technical Support team and online resources. Digi oers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation. firmware, drivers, knowledge base and peer-to-peer support forums.

Visit us at https://www.digi.com/support to find out more.

CHANGE LOG

Mandatory release = A firmware release with a critical or high security fix rated by CVSS score.

For devices complying with ERC/CIP and PCIDSS, their guidance states that updates are to be deployed onto device within 30 days of release

Recommended release = A firmware release with medium or lower security fixes, or no security fixes

Note that while Digi categorizes firmware releases as mandatory or recommended, the decision if and when to apply the firmware update must be made by the customer aer appropriate review and validation.

VERSION 21.2.39.67 (December 2, 2020)

This is a mandatory release

IX14-21.2.39.67.bin

SHA512:

39234c8644fff88e0ac8503e80e023f92ebe768a5ce9cd7648be38e202fd592e0fd9f35ab4 4fddd3d9321d50c42ad1146ae089875ffe8cccb0e60e23dd863502

MD5: d6ed79ec3b2db14738451c15038fd5aa

IX10-21.2.39.67.bin

SHA512:

72a8ef1e4e892ea431b101063eb040b6cffe37351f7d27556836a33915f0cf8e241b2296ed 2d6cc3d69e2dee05bdba08273d58f81f2333fa36d88bc17a087547

MD5: 8e7d2ca15d40de7d7955fa5d5d7773cc

IX20-21.2.39.67.bin

SHA512:

525dbe3d67ae2db90c3c28bb98acbab9b893be87e7432d3930baad8fe827bed5a92231e 8c7eaa4a9b945b231ddcb9f5972d552dc52aedabdcd1711431e281a1d

MD5: 1b6bc3ac24b0bd009177c77d076efbf8

96000472_C Release Notes Part Number: 93001321_U Page 2

IX20-PR-21.2.39.67.bin

SHA512:

33b393e3bfd347070b4086267dd29dfe327e2c81ae8a695635433f2fdbb156cd29af3ceb8 6feaf5731b7fc8fb07b58ba010ee1a749c2d165467d5e3b6428fd30

MD5: b8a737e16faee85f34678e2d9de8e330

IX20W-21.2.39.67.bin

SHA512:

ac896a32a704728834385eae13555d07c7901c8f74794c1848e592b1570268df0f9b4149f 13f24bb807742cdfe493323d82ad9386efe33e82d118e403c1a8f1b

MD5: efa574c9e98186bddcbafdb2c7df56f9

IX20W-PR-21.2.39.67.bin

SHA512:

a3feb157fb421d8787d5f8c51a898f3bd88954874d7dd967ed56fd5fae60e25cead4cc4024 eb0384b556635436bbc068e876721f4e44c0845b1deb9021f6307e

MD5: 3c1900f45ed730d15ae13ea5d074481c

FEATURES

1. Add the Location service to all DAL products. DAL devices can utilize several location

sources (cellular, GNSS, or user defined) to determine where it's located and report that to Digi Remote Manager or other servers [DAL-724]

2. Add geo-fencing configuration options. This new features is found under Services →

Location → Geofence. It can be utilized to define one or more circular or polygonal geofence areas and then perform a set of actions when the device enters or leaves that area. Current options for actions to perform are either factory erasing the device or running a custom script. [DALP-711]

3. New modem scan CLI command for listing available carriers for the current modem and

SIM setup.

4. New Network → Interface → Modem → Network PLMN ID config setting to lock the SIM card

to a particular carrier based on its PLMN ID(note that the Carrier selection mode must be set to Manual or Manual/Automatic in order to lock the SIM to a specific carrier) [DALP637]

5. Added local API to the web UI for automated configuration of the device [DALP-777]

6. Support remote CLI commands through Digi Remote Manager [DAL-4273]

7. New configuration options under System → Scheduled tasks → System maintenance to

automatically check for device and modem firmware updates, then notify in the CLI and web UI when updates are available [DAL-4413]

ENHANCEMENTS

1. Added new DFS Client Support configuration setting to support 5GHz DFS Wi-Fi channels in

client mode [DALP-720]

2. Add 5GHz frequencies to the list of channels that can be scanned for client-mode Wi-Fi

background scanning [DAL-2570]

3. Set 2.4GHz default Wi-Fi bandwidth to 20MHz [DALP-772]

4. Update default background scanning settings for Wi-Fi clients to the following:

1. Scan threshold: -75dB

2. Short interval: 5s

3. Long interval: 300s

5. Updated Surelink recovery of Wi-Fi connections to restart the Wi-Fi module if restarting the

network connection fails to recover the setup [DAL-4387]

96000472_C Release Notes Part Number: 93001321_U Page 3

6. Added settings under Authentication → Serial to control Certificate Management for TCP

and autoconnect serial port setups [DALP-682]

7. Allow hidden/debug config settings to be controlled and preserved by DigiRM [DAL-4445]

8. Asymmetric preshared keys for IPsec tunnels [DALP-707]

9. Don't display Aggressive/Main mode or Xauth selections for IKEv2 IPsec tunnels [DAL-4142]

10. Update name and description of certificate settings for OpenVPN clients and servers [DAL-

4435]

11. Add digidevice.led python module to all products [DALP-710]

12. Add options to forward location information to a remote host over TCP [DALP-778]

13. Add new Forward interval multiplier configuration option under Services → Location →

Destination servers to control the number of location update intervals to wait before sending location data to this server [DAL-4056]

14. Report location metrics as datapoints to DigiRM [DAL-4055]

15. Include the connection uptime of IPsec tunnels as datapoint metrics to Digi Remote

Manager [DAL-4062]

16. Report the phone number of the SIM as a health metric datapoint to Digi Remote Manager

[DAL-4440]

17. Fixed incorrect format of ICCID and IMEI metrics reported to Digi Remote Manager [DAL-

4440]

18. Add iptables TRACE tool for enhanced firewall debugging [DAL-4182]

19. Improved accuracy of the status shown for a modem during a firmware update

20. IX10/1002-CMG4: Disable GEA1 on EG25-G modem [DAL-4250]

21. IX10/1002-CMG4: Disable voice services on EG25-G modules [DAL-4560]

22. IX10: Enable QXDM support on IX10 [DAL-4512]

BUG FIXES

1. IX14: Fixed reboot loop issue on IX14 device running default settings on 20.11.x firmware

[DAL-4507]

2. Fixed issue with utilizing soware flow control on serial ports set in remote-access mode

[DAL-3630]

3. Fix issue where a serial port could lock up and prevent access if flow control was enabled

[DAL-4585]

4. Fixed issue where non-primary DNS were queried through the wrong interface when

use_dns configuration option is set to primary [DAL-3156]

5. Report the phone number of the SIM as a health metric datapoint to Digi Remote Manager

[DAL-4440]

6. Fixed incorrect format of ICCID and IMEI metrics reported to Digi Remote Manager [DAL-

4440]

7. Fixed setup issue between custom firewall rules and IPsec tunnels [DAL-4433]

8. Fixed occasional issue preventing LM940 modems from re-establish their cellular

connection aer a modem firmware update [DAL-2933]

9. Fixed issue requiring a user to fix syslog configuration setting when updating from 20.5.x or

older firmware to 20.8.x/20.11.x firmware [DAL-4426]

10. Fixed rare issue where show system CLI command would display incorrect uptime details

[DAL-4350]

11. Fix issue with secondary CLI sessions showing stale configuration settings if the config is

updated elsewhere [DAL-4446]

12. Updated message displayed in web UI to direct the user to refresh the page aer erasing the

device back to default settings [DAL-2326]

96000472_C Release Notes Part Number: 93001321_U Page 4

13. Fixed issue where dynamic DHCP leases were not displayed in the CLI or web UI (bug

present on 20.11.x firmware versions) [DAL-4557]

14. Fixed inaccurate status of the Ethernet interface of a device in passthrough mode [DAL-

4543]

15. Fixed issue preventing web UI access if two-factor authentication was enabled (bug present

on 20.11.x firmware versions) [DAL-4509]

16. Fixed issue where CLI commands sent from DigiRM would crash the DAL device's connection

to DigiRM [DAL-4412]

17. Fixed issue preventing WAN/cellular connections from working if the interface was

configured with a single Interface Up Surelink test [DAL-4629]

18. Fix rare issue where Wi-Fi hotspots would stop responding to DHCP requests if restarted

many times [DAL-4298]

19. Fixed output of the show wifi ap name <ap_name> and show wifi client name

<client_name> CLI commands [DAL-1615]

20. Fixed inaccurate status of the Ethernet interface of a device in passthrough mode [DAL-

4543]

21. PR products: Fixed issue preventing usage of the digidevice.config python module on PR

firmware products [DAL-4378]

22. 1003-CM11: Fixed occasional issue preventing LM940 modems from re-establish their

cellular connection aer a modem firmware update [DAL-2933]

23. 1003-CM11: Fixed timing issue aer updating firmware on LM940 modems that preventing

the modem from reconnecting unless rebooted [DAL-4614]

24. Fixed issue causing aView-initiated speed tests to report the same upload/download speeds

[DAL-4420]

SECURITY FIXES

The highest level vulnerability that has been fixed in this release is listed as a Critical CVSS score of

8.1 High

1. Update hostapd to address CVE-2019-16275 and CVE-2019-13377 [DAL-4232]

2. Update wpa_supplicant to address CVE-2019-16275 [DAL-4233]

3. Update libcurl to version 7.74.0 (CVE-2020-8169, CVE-2020-8177) [DAL-4336]

4. Update to python version 3.6.12 (CVE-2020-14422) [DAL-4364]

5. Update OpenSSL to version 1.1.1i (CVE-2020-1971) [DAL-4326]

6. Update dnsmasq to version 2.83 (CVE-2019-14834, CVE-2020-25681, CVE-2020-25682, CVE-

2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687) [DAL3950]

7. Update web security settings with the following headers [DAL-4192]

1. Pragma: no-cache

2. Content-Security-Policy

3. X-Content-Type-Options: nosni

4. X-XSS-Protection: 1; mode=block

8. Set SAMEORIGIN in X-Frame-Options to uppercase [DAL-4192]

9. Automatically de-activate active user logins/sessions if the password for that user changes

10. Removed support for https CBC ciphers [DAL-4408]

11. Fixed XSS vulnerability on serial page in the local web UI (Bug present on firmware versions

20.11.x and older) [DAL-4646]

12. PR products: Removed debug config options from PR firmware for changing https ciphers

[DAL-4417]

96000472_C Release Notes Part Number: 93001321_U Page 5

VERSION 20.11.32.168 (December 23, 2020)

This is a recommended release.

ENHANCEMENTS

1. Use PDP context 1 with Telus carrier SIMs [DAL-4332]

BUG FIXES

1. Fixed bug preventing Ethernet speed/duplex adjustment (aects firmware version

20.11.32.138) [DAL-4414]

2. IX10-only: Fixed bug preventing serial port signal mode from being set to RS-485 when in

application or modbus modes (aects firmware versions 20.11.32.138 through 20.8.22.32) [DAL-4424]

VERSION 20.11.32.138 (December 2, 2020)

This is a mandatory release

IX14-20.11.32.138.bin

SHA512:

723d71598e538fa1ad1dc4a54c9d80d6e7a0d2fcf67c9b040e8c181085e55a4f9958ace58 0b4fb68ebdaa4106ef1f9cba98520f43e54342fd5b13488cbde3e00

MD5: c0b2f67e9126ab15bb62cd92de94ab

IX10-20.11.32.138.bin

SHA512:

e4850185fa3714a4e15b78f620f3985bbe3c47564c7907a68a61b1a2814d7756d7c14fa81 1360ed6279bb7fd55fc47a6ba5a012a0a4c36d7852a312b366d454a

MD5: d1780394cbfdeb398e0dd7cfa8f07707

IX20-20.11.32.138.bin

SHA512:

00ed82ef515d85f624cbc8c5ccf04736f907e61e955655f7aa051c567599b69f7575892dbc 214086b017176ce0260931601e3100d7c883bf1f3ff4f0cc9ec140

MD5: dce476fb431f95954776d783c26c2dda

IX20-PR-20.11.32.138.bin

SHA512:

12478faf7c902916ddd0e171efb19ba0b8773eec7ad6b97ba7bf797fefeb91cc3cfa57f078b fd475ac7692b2af22acfd2e63f3cb23e155c53d546d35162fc984

MD5: 2d0aa54d637a6579a9206dbf4b6b9797

IX20W-20.11.32.138.bin

SHA512:

a5f1fd71a11ac6f335124a709873b9315a9b46f01ed26ded488cc0b003e5d6cd0af93906f5 81494702dd06faf109a224e026246bb107945d9d8ba12bf970f27e

MD5: cdac8fb0a7cbb99649514d06f01680ec

IX20W-PR-20.11.32.138.bin

SHA512:

bc978f56f4cd58d22cfa928db3fa5c3fb3fa37eb9de9e08788b5b9baedfc1b742b1fc2197c4 e4d69ee600f70d25460adc96bfc16975f49c4160ab5740d3a944c

MD5: 45e59c1b8e42ab6e233c4f03d0b459dd

FEATURES

1. IX20/IX20W: New PR product variants and firmware for FirstNet/ResponseVerify products

96000472_C Release Notes Part Number: 93001321_U Page 6

[DALP-674]

1. PR stands for Primary Responder and indicates a security hardened, feature-restricted firmware targeted to comply with AT&T FirstNet and Verizon ResponseVerify certifcation security requirements. It is the same DAL firmware under the hood, but with several features removed to comply with FirstNet and ResponseVerify security restrictions. Below is a list of changes for PR products:

1. Services → Telnet removed

2. Removed Telnet option from Remote access options if a serial port was set in

Remote access mode

3. WPA1 Wi-Fi encryption option (WPA Personal) removed

4. Default Wi-Fi SSID disabled by default

5. interactive shell removed

1. Firewall → custom rules always has sandbox enabled with limited shell command and filesystem access to only allow iptables interaction

2. System → Scheduled tasks → Custom scripts always has sandbox option enabled with limited shell command and filesystem access to allow CLI access and python script execution

3. No inbound SCP/SFTP support

2. Add ssh and telnet commands to Admin CLI [DALP-664]

3. Add new modem firmware CLI commands for performing local or over-the-air remote firmware updates to the cellular modem(s) in the device [DAL-2811]

4. Add new configuration options under Network → Devices for setting the link speed/duplex of the device's Ethernet port(s) [DALP-135]

5. Add options for starting, stopping, and viewing serial port activity logs through the CLI, web UI, or Digi Remote Manager [DALP-458]

6. Support for the Sierra EM9190/9191 5G modems [DALP-686]

7. Support for the Sierra EM7411 LTE CAT7 modem [DALP-608]

8. IPv6 IPsec tunnel support for full IPv6 tunnels, IPv6-over-IPv4, or IPv4-over-IPv6 tunnels [DALP-581]

9. IPsec XFRM interfaces for enhanced control over IPsec tunnels and the network interfaces associated to them. This allows users to select tunnels for multiple networking features, including static routes, policy-based routes, access control lists, and routing priority based on metric. [DAL-490]

10. Inclusion of the Python pip for installing external modules/libraries [DAL-4078]

ENHANCEMENTS

1. Add Services → Location options for configuring GPS or GNSS location communication [DALP-724]

2. GPS/GNSS support for the IX10 and 1002-CMG4 modem [DALP-713]

3. Add cellular technology icon to the Dashboard in the web UI [DAL-3673]

4. Add link to product User Guide under the User drop-down menu at the top-right of the web UI [DALP-569]

5. Added help button to System → File System page of the web UI [DALP-569]

6. Added new Status → Modbus Gateway service page to the web UI to display information about modbus clients and servers connected to the gateway [DALP-671]

7. Added show modbus-gateway CLI command to view the status of Modbus gateway service [DALP-671]

96000472_C Release Notes Part Number: 93001321_U Page 7

8. Updated show modem CLI command to display historical information about the modem if it is in the process of updating firmware [DAL-1504]

9. Added new Services → Ping responder configuration settings for controlling what interfaces and firewall zones the DAL device responds to ICMP requests on [DAL-1565]

10. Enhance IPSec tunnels to wait for passing Surelink tests (if configured) before initiating outbound tunnels [DAL-3878/DAL-3774]

11. Add m2m.telus.iot Telus APN to fallback list [DAL-3911]

12. Add psmtneorm and edneopate010.dpa AT&T APNs to fallback list [DAL-4041/DAL-4045]

13. Add reseller and tracfone.vzwentp Tracfone APNs to the AT&T and Verizon fallback lists DAL-4098]

14. Add new 890103 and 890141 ICCID prefixes and 31030 PMND ID matchers to AT&T APN fallback list [DAL-3934/DAL-4041]

15. Add service.qcdm.secure option to enable/disable encrypted QXDM access to the cellular modem in the DAL device [DAL-3964]

16. Add missing modem firmware and SIM details to datapoints uploaded to Digi Remote Manager [DAL-4040]

17. Show uptime for connection to Digi Remote Manager on the Dashboard web UIpage in days/hours/minutes/seconds instead of just minutes [DAL-3691]

18. Updated network bridges to use the MAC address of the first device listed in Network → Bridges → [bridge_name] → Devices as the MAC address for the bridged interface [DAL3949]

19. Add link in the firmware update window on the Status → Modem page to direct users to the configuration options to schedule a modem firmware update [DALP-725]

20. Updated the help text on the login page to provide a more generic image [DAL-3916]

21. Added option when copying serial port settings on the System → Serial Configuration page to optionally copy the label of the serial port [DAL-3842]

22. Removed duplicate modem signal information from the Modem → Status page [DAL-3680]

23. Added a DSCP option to policy-based routes to allows users to match the routing rule by the type of DSCP field in the packet [DAL-3867]

24. Added a defaultroute option for matching policy-based routes to the device's active default route [DAL-4130]

25. Hide the Monitoring → Device Health configuration options if the device is not enabled for Digi Remote Manager central mangement [DAL-3825]

26. Update header types for the cellular modem name and network type on the Dashboard page

27. Create system log when Surelink DNS tests are skipped because the interface doesn't have any DNS servers [DAL-4224]

28. Hide main/aggressive mode option when using IKEv2 [DAL-4142]

29. Add reboot watchdog to IX20/IX20W devices to prevent so-reboot hangs [DAL-3392]

BUG FIXES

1. Fixed missing default settings in configuration profiles created in Digi Remote Manager (bug aects firmware versions 20.8.x and older) [DALP-658]

2. Fixed missing option for setting the SIM Slot Preference in configuration profiles in Digi Remote Manager (bug aects firmware versions 20.8.x and older) [DAL-3912]

3. Fixed format of user passwords when displayed in Digi Remote Manager (bug aects firmware versions 20.8.x and 20.5.338.58) [DAL-3889]

4. Fixed issue with policy-based routing not working in conjunction with multiple IPsec tunnels (bug aects firmware versions 20.8.x and older) [DAL-3515]

96000472_C Release Notes Part Number: 93001321_U Page 8

5. Fixed issue preventing OpenVPN server-managed certificates from being re-generated if the process was interrupted (bug aects firmware versions 20.8.x and older) [DAL-3803]

6. Fixed issue preventing OpenVPN client from using an autogenerated config file from a tapbridge openvpn server (bug aects firmware versions 20.8.x and older) [DAL-3881]

7. Fixed some formatting output of the show system verbose CLI command (bug aects firmware versions 20.8.x and older) [DAL-3805]

8. Fixed issue preventing VRRP interoperability between DAL devices and SarOS devices (bug aects firmware versions 20.8.x and older) [DAL-4130]

9. Update VRRP+ to properly handle changes in network interface statuses bug aects firmware versions 20.8.x and older) [DAL-4274]

10. Removed poorly formatted script contents from the show scripts CLI command output [DAL-3315]

11. Fixed non-working system disable-cryptography CLI command [DAL-4169]

12. Fixed second-stage erase functionality on devices not enabled for aView management [DAL3944]

13. Fixed issue preventing multicast traic from being sent through a GRE tunnel [DAL-3879]

14. Fixed issue preventing a firewall rule from being setup for OSFPv2 entries [DAL-3869]

15. Fixed rare crash caused when a Quectel modem disconnected [DAL-3867]

16. Fixed behavior of the WWAN Service LED to blink when a modem firmware update is in progress (bug aects firmware versions 20.8.x and older) [DAL-3963]

17. Fixed issue preventing IX10 devices and 1002-CMG4 modems from connecting with Verizon private APNs (bug aects firmware versions 20.8.x and older) [DAL-3605/DAL-3276]

SECURITY FIXES

The highest level vulnerability that has been fixed in this release is listed as a Critical CVSS score of

9.1

1. Disallow TCP forwarding from incoming SSH connections [DAL-3938]

2. Remove sensitive information from HTTP GET requests (CVSS score: 5.7 Medium CVSS:3.1/

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N) [DAL-3938]

3. Update to linux kernel 5.8 (CVSS score: 3.7 Low CVE-2020-16166 CVSS:3.1/AV:N/AC:H/PR:N/ UI:N/S:U/C:L/I:N/A:N) [DALP-678]

4. OpenSSH updated to version 8.3p1 (CVSS score: 2.2 Low CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N) [DAL-3299]

5. OpenSSL updated to vesion 1.1.1h (CVSS score: n/a) [DAL-4037]

6. OpenVPN updated to version 2.4.9 (CVSS score 9.1 Critical CVE-2018-7544 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) [DAL-3862]

7. Linux shell/bash updated to version 5.0 (CVSS score: n/a) [DAL-3763]

8. jQuery updated to version 3.5.1 (CVSS Score: 6.1 Medium CVE-2020-11022 CVE-2020-11023) [DAL-3547]

9. Updated WebU session token to use AES-256-GCM cipher (CVSS score: n/a) [DAL-4000]

10. Prevent web asset access from unauthorized logins (CVSS score: 5.3 Medium CVSS:3.1/AV:N/

AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) [DAL-3835]

11. Add script CSP headers to the web UI (CVSS score: n/a) [DAL-3629]

12. Added extra layer of firmware verification to ensure the firmware matches the target hardware variant and prevent firmware modifications (CVSS score 1.9 Medium CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N) [DAL-3511]

13. Prevent command injection through modemadvanced, modem_install, and firmware webpages (CVSS score: 6.8 Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) [DAL4093/DAL-4104/DAL-4046]

96000472_C Release Notes Part Number: 93001321_U Page 9

+ 21 hidden pages