Security update: FTP access to the Miniserver
We want to make sure your systems are always as up-to-date and secure, no matter if you buy a Miniserver this year or bought one ten years ago. Security audits are carried out regularly to catch any risks ASAP and ensure the continuous safety of Loxone systems.
During our last audit on January 24, 2022, we discovered a security vulnerability related to FTP access of Miniservers running firmware versions 18.104.22.168, 22.214.171.124, 126.96.36.199 and 188.8.131.52.
There are no known cases of an attacker exploiting this vulnerability. However, as always, we recommend keeping all customer installations up-to-date to prevent a potential attack.
This vulnerability can be used, in rare scenarios, in installations where attackers gain FTP access to the Miniserver, allowing them to modify data.
Our team has created a new version to fix this issue. This version (184.108.40.206) is now available to download, and we strongly recommend all Miniservers running versions 220.127.116.11, 18.104.22.168, 22.214.171.124 and 126.96.36.199 be updated.
Today, a notification prompt was pushed via the Loxone App – enabling users with the relevant permissions to initiate the update themselves. The new version does not include any other changes apart from fixing the security vulnerability.
Get in contact
Send us a request for your next project as an end customer or a professional installer.