Are there any known security vulnerabilities with Barix devices

Revision as of 17:32, 10 April 2013 by StefanG (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Are there any known security vulnerabilities with Barix devices ?

There are *no* known security vulnerabilities with the device. The Instreamer 100 (as well as all other Barix IP Audio products) use a proprietary kernel and TCP implementation, which is installed a couple of million times in the market and commonly known under the term "Cobos". The kernel/TCP implementation is provided by Lantronix (Irvine, CA), which use the same source code to build serial to IP adapters ("device servers") commonly known as Cobox, UDS, SDS, XPort etc. We are using the Lantronix base code but have modified it in some areas (to harden against common DOS issues as well as to make the implementation more fit for streaming applications). The devices generally do NOT offer typcial attack points as they would be in linux or windows based systems, their functionality is quite limited. Most firmware for our devies does support SNMPv1, and that is a common question by security aware people - however, the implementation is READ ONLY with controlled exceptions (only a small number of not security relevant functions might be - application dependent - settable via SNMP). So that can not seriously be considered a threat or security hole.


Back to FAQ