SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes a memory corruption vulnerability that can lead to unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including 4.3.3.0299.

QNAP Systems, Inc. “specializes in providing networked solutions for file sharing, virtualization, storage management and surveillance applications to address corporate, SMB, SOHO and home user needs. QNAP QTS is the standard smart NAS operating systems that empowers all file sharing, storage, backup, virtualization and multimedia QNAP devices.”

Credit
A security researcher from TRUEL IT (@truel_it) has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
QNAP was informed of the vulnerability, and responded with “We have confirmed this issue is the same as another recent report and have already assigned CVE-2017-17033 to it.

Although this report is a duplicate, we will still mention both reporters in the security advisory which will be released shortly.

The vulnerability will be fixed in upcoming releases of QTS 4.2.6 and 4.3.3.”

CVE: CVE-2017-17033

SSD Advisory – Dasan Unauthenticated Remote Code Execution

Vulnerability Summary
The following advisory describes a buffer overflow, leading to remote code execution, found in Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146.

Dasan Networks GPON ONT WiFi Router “is indoor type ONT dedicated for FTTH (Fibre to the Home) or FTTP (Fiber to the Premises) deployments. That can work as simple Bridge or behave as Router/NAT. It’s cost-effective CPE that meets carrier-class requirement for Telcom industry and guarantee reliable service proven in the field.”

Credit
An independent security researcher, TigerPuma (at) Fosec.vn, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact Dasan since October 8, 2017; repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for this vulnerability.

SSD Advisory – Iceni Infix Multiple Crashes

Crashes Summary
An independent security researcher has reported 36 different crashes in Iceni Infix. We decided to publish 1 sample out of the 36 crashes – if you want to get the remaining 35 crashes, please contact us via email ssd [at] beyondsecurity (dot) com.

“Infix PDF Editor and Infix PDF Editor Pro is popular PDF editing software that can be used to edit PDF text. The program is very simple to use when you want to edit the text size, font, font color and more. You can also use Infix PDF Editor to edit whole paragraphs of the PDF document or even completely reformat the text.

Infix works like a normal word processor, so it’s really easy to use. It’s easy and quick – change text, fonts, images and more. No interface gimmicks, no ribbons!”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Iceni has released patches to address these crashes: “We have resolved these issues in Infix version 7.1.4 which is the current release.”

SSD Advisory – HPE Intelligent Management Center (iMC) Code Execution

Vulnerability Summary
The following advisory describes a stack buffer overflow vulnerability found in HPE Intelligent Management Center v7.2 (E0403P10) Enterprise. This vulnerability leads to exploitable remote code execution.

HPE Intelligent Management Center (iMC) delivers comprehensive management across campus core and data center networks. iMC converts meaningless network data to actionable information to keep your network, and your business, moving.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
HPE has released a patch to address this vulnerability and issued the following CVE: CVE-2017-5815.
