SSD安全公告-QNAP QTS未经认证的远程代码执行漏洞

漏洞概要
以下安全公告描述了QNAP QTS的一个内存损坏漏洞,成功利用该漏洞会造成QNAP QTS 4.3.x和4.2.x版本(包括4.3.3.0299)未经验证的远程代码执行。

威联通科技(QNAP Systems, Inc)专注于为企业,中小型企业,SOHO和家庭用户提供文件共享,虚拟化,存储管理和监控应用的网络解决方案。 QNAP QTS是标准的智能NAS操作系统,支持所有文件共享,存储,备份,虚拟化和多媒体QNAP设备。
Continue reading SSD安全公告-QNAP QTS未经认证的远程代码执行漏洞

SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow

Vulnerability Summary
The following advisory describes a buffer overflow found in Huawei P8 Lite ALE-21 HI621sft, operating system versions EMUI 3.1 – wkupccpu debugfs driver.

Huawei Technologies Co. Ltd. is “a multinational networking and telecommunications equipment and services company, it is the largest telecommunications equipment manufacturer in the world and the second largest smartphone manufacturer in the world”

Credit
A security researcher from, TRUEL IT, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Huawei confirmed that the vulnerability is not present on their most current version (with EMUI 4.0 or later), the only affected version is 3.1 and prior, it is recommended that all customers of Huawei upgrade to the latest version of their OS.

http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171218-01-smartphone-en

Continue reading SSD Advisory – Huawei P8 wkupccpu debugfs Kernel Buffer Overflow

SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution

Vulnerability Summary
The following advisory describes a memory corruption vulnerability that can lead to an unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including the 4.3.3.0299.

QNAP Systems, Inc. “specializes in providing networked solutions for file sharing, virtualization, storage management and surveillance applications to address corporate, SMB, SOHO and home user needs. QNAP QTS is the standard smart NAS operating systems that empowers all file sharing, storage, backup, virtualization and multimedia QNAP devices.”

Credit
A security researcher from, TRUEL IT ( @truel_it ), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
QNAP was informed of the vulnerability, and responded with “We have confirmed this issue is the same as another recent report and have already assigned CVE-2017-17033 to it.

Although this report is a duplicate, we will still mention both reporters in the security advisory which will be released shortly.

The vulnerability will be fixed in upcoming releases of QTS 4.2.6 and 4.3.3.”

CVE: CVE-2017-17033

https://www.qnap.com/en/security-advisory/nas-201712-15

Continue reading SSD Advisory – QNAP QTS Unauthenticated Remote Code Execution

SSD Advisory – Dasan Unauthenticated Remote Code Execution

Vulnerability Summary
The following advisory describes a buffer overflow that leads to remote code execution found in Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146

Dasan Networks GPON ONT WiFi Router “is indoor type ONT dedicated for FTTH (Fibre to the Home) or FTTP (Fiber to the Premises) deployments. That can work as simple Bridge or behave as Router/NAT. It’s cost-effective CPE that meets carrier-class requirement for Telcom industry and guarantee reliable service proven in the field.”

Credit
An independent security researcher, TigerPuma (at) Fosec.vn, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact Dasan since October 8 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for this vulnerability.
Continue reading SSD Advisory – Dasan Unauthenticated Remote Code Execution