Fortinet Discovers Recon Private Data Leak Vulnerability
Recon Instruments has partially fixed the issue in Recon OS 4.3.3. The data is uploaded via HTTPS, but encryption of the zip has been removed, leaving it at risk on the device.
Fortinet reported the vulnerability to Recon Instruments on July 28, 2015.
Recon Instruments confirmed the vulnerability on September 23, 2015.
Recon Instruments issued patch for it in February, 2016.
Axelle Apvrille of Fortinet's FortiGuard Labs