Security Notice for the WG-C20 Portable Wireless Server

Dear Customers,

The WG-C20 Wireless Portable Server, released in October 2013, uses the open source software DNSmasq and the wireless LAN encryption standard WPA2. Based on recent industry reports, these two technologies have been discovered to have vulnerabilities as follows.* 

*CERT Vulnerability Notes Database  (English)

• Dnsmasq contains multiple vulnerabilities

• Wi-Fi Protected Access (WPA) handshake traffic can be manipulated to induce nonce and session key reuse

To ensure security and protect your devices against malicious attackers utilizing these vulnerabilities, please follow the instructions as described below:

1. Use a Direct Connection with Your Devices
   When you connect the WG-C20 to your smartphone or tablet, use a direct wireless connection without using a wireless LAN access point.

• Help Guide: connecting a smartphone/tablet

2. Set up security
   To use your WG-C20 safely, please make sure to configure security settings on your WG-C20 according to the details in the Help Guide (please see the link below). If you give your wireless LAN password to others for the purpose of sharing files, we highly recommend that you change your password immediately afterwards.

• Help Guide: setting the Wi-Fi security using File Manager

3. Choose a secure place when connecting to the Internet
   The WG-C20 lets you connect to the Internet through a wireless LAN router. If you use this feature to connect to the Internet from your smartphone or tablet, choose a secure place (such as within your home) that is difficult for others to access your Internet connection.

4. Avoid using public wireless LAN services
   Some public LAN services are not sufficiently secure and allow an unspecified number of users to connect. For the sake of security, we highly recommend that you avoid connections from your WG-C20 to public wireless LAN services.