LITEON Logo

LITEON Product Security Advisory

Security and Disclosure Philosophy

We are committed to maintaining information security and encouraging responsible vulnerability disclosures. We promise to give high priority to reported vulnerabilities and continuously improve to ensure that our products have robust information security protection.

The method for Reporting Vulnerabilities

If you discover a security vulnerability, please contact us through the following methods.

e-mail: 5g-security@liteon.com

phone: 02-87982888-3470

The report should include details of the vulnerability, its potential impact, and possible attack methods.

What happens next

When we received the reported issue(s), we will treat this with the highest priority and make the solution available as soon as it practical to do so. The issues will be fixed in 1~3 months depending on the severity. Once we have resolved the reported issue(s), we will provide a suitable solution to all affected customers.

LITEON will also maintain a list of the latest software updates, along with descriptions of the issues that have been fixed. Besides, we also recommend that customers visit this page regularly to make sure they are aware of the latest updates.

Standards for Vulnerability Report

Applicable :

  1. A clear technical description should be provided
  2. Include testing steps or a Proof of Concept (PoC)
  3. Avoid public disclosure until the vendor has issued a fix

Not Applicable :

  1. Low-risk issues (e.g. UI bugs)
  2. Vulnerabilities requiring physical access
  3. Issues from outdated or unsupported software versions

03/06/2025

  • Required to change password when logging in with user for the first time

02/18/2025

  • Close port 1534 and port 80
  • Remove ssh algorithm Diffie-hellman-group1-sha1 and hmac-md5
  • Support password complexity in /bin/bash
  • CLI support detect function about error firmware image
  • Reboot and shutdown events will be recorded at the security log
  • Fail-safe mechanism to prevent updating with invalid firmware

12/09/2024

  • Adjust product name in CLI
  • If CLI password try error 3 times, system will block 1 minute
  • CLI user timeout
  • Add logout notification
  • CLI support password complexity mechanism

Contacting Us

If you have any inquiries, questions, comments or complaints about the security advisory page, Please feel free to contact 5g-security@liteon.com