SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Credit to Author: SSD / Noam Rathaus| Date: Wed, 18 Apr 2018 05:24:56 +0000

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of multiple Vigor devices from a single portal. VigorACS 2 is based on TR-069 … Continue reading SSD Advisory – Vigor ACS Unsafe Flex AMF Java Object Deserialization

Read more

SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Credit to Author: SSD / Noam Rathaus| Date: Wed, 21 Mar 2018 14:48:51 +0000

Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response The vendor was notified on the 28th of November 2017, and responded that they take security … Continue reading SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Read more

SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for HTTP basic and HTTP digest login types. Confirmed Vulnerable … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, and Basic)

Read more

SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and digest login types. Confirmed Vulnerable Appweb version … Continue reading SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Read more

SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages … Continue reading SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Read more

VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages … Continue reading VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Read more

beVX Conference Challenge

Credit to Author: SSD / Noam Rathaus| Date: Sun, 04 Mar 2018 07:27:05 +0000

During the event of OffensiveCon, we launched a reverse engineering and encryption challenge and gave the attendees the change to win great prizes. The challenge was divided into two parts, a file – can be downloaded from here: https://www.beyondsecurity.com/bevxcon/bevx-challenge-1 – that you had to download and reverse engineer and server that you had to access … Continue reading beVX Conference Challenge

Read more

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Wed, 14 Feb 2018 08:58:11 +0000

Vulnerability Summary The following advisory describes an information disclosure found in the following TrendNet routers: TEW-751DR – v1.03B03 TEW-752DRU – v1.03B01 TEW733GR – v1.03B01 TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet technology reduces power consumption by up to 50%. For your convenience … Continue reading SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Read more

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Feb 2018 07:06:24 +0000

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer … Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Read more

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Sun, 11 Feb 2018 06:10:03 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: … Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Read more

SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Thu, 08 Feb 2018 08:02:43 +0000

Vulnerabilities summary The following advisory describes three (3) vulnerabilities found in the following vendors: Lorex StarVedia Eminent Kraun The vulnerabilities found: Hard-coded credentials Remote command injection (2) It is possible to chain the vulnerabilities and to achieve unauthenticated remote command execution. Credit An independent security researcher, Robert Kugler (https://www.s3cur3.it), has reported this vulnerabilities to Beyond … Continue reading SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Read more