By now you have probably read about the critical security vulnerability discovered in the OpenSSL cryptography software library (CVE-2014-0160), nicknamed “Heartbleed”. This advisory is to inform you that the Heartbleed bug does not affect your Encore Networks Bandit™ 2/3, Bandit 2™ C2C™ and C2C/E2C™ routers. No remediation of the Encore Bandit™ and C2C/E2C™ routers is required. Vulnerable routers can allow attackers to monitor all information passed between end points and a web service or to decrypt previously collected traffic. For more information see Heartbleed
Users of other router products should upgrade firmware and follow the appropriate steps per their manufacturer’s suggestions.
With certain other routers you may be required to immediately disable Remote Web Administration (HTTPS) and Remote SSH access tools. Administrators should change any router passwords, WiFi keys, or other encrypted passwords stored competitor’s router. These steps are not required for the above named Encore Networks routers. The Encore Networks web site is not vulnerable.
Encore Networks EN-4000™ in Default Mode – No Action Required
OpenSSL version of EN-4000™ (1.0.1c) is reported to have the Heartbleed bug and may affect the EN-4000™ product in certain circumstances. By default in the EN-4000™ the OpenSSL is disabled, no static keys are used, and unless users enable OpenSSL package in a way that causes Heartbleed issue, no action is required.
If a user enables the OpenSSL on their EN-4000™ router, remediation is required. Encore Engineering has released a patch (heartbleed.tar.gz) for the Heartbleed bug. It is recommended that EN-4000™ products with Firmware Version 17322 04 04 and prior be upgraded with this patch. This patch is available at no charge to all customers. Further it is recommended that users change ALL keys and certificates to complete the fix and they should rekey, reissue, and revoke the old keys.
Step by step instructions of the patch can only be obtained by contacting Encore Networks support at: