SSD Advisory – NEXXT Authentication Bypass

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes an authentication bypass found in NEXXT routers.

NEXXT Connectivity Solutions develops “state of the art networking devices that help connect people and things together, at home, the office and virtually everywhere”.

Credit
An independent security researcher, Netfairy, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact NEXXT since August 17 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Continue reading SSD Advisory – NEXXT Authentication Bypass

SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability summary
The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams.

Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been focusing on R&D of products and technology of digital video surveillance field. While providing product and technical support, it also provides overall solution for the industrial system; it has successfully provided system implementation and service supports for several industries.”

Credit
An independent security researcher, Netfairy, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact Hanbanggaoke since the 8th of August 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for this vulnerability.

Continue reading SSD Advisory – Hanbanggaoke IP Camera Arbitrary Password Change

SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes a Remote Code Execution found in McAfee McAfee LiveSafe (MLS) versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.

McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.

Credit
An independent security research company, Silent Signal, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability.

For more information: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714

CVE: CVE-2017-3898

Continue reading SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices.

WiseGiga is a Korean company selling NAS products.

The vulnerabilities found in WiseGiga NAS are:

  • Pre-Authentication Local File Inclusion (4 different vulnerabilities)
  • Post-Authentication Local File Inclusion
  • Remote Command Execution as root
  • Remote Command Execution as root with CSRF
  • Info Leak
  • Default accounts

Credit
An independent security researcher, Pierre Kim, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact WiseGiga since June 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Continue reading SSD Advisory – WiseGiga NAS Multiple Vulnerabilities