SSD Advisory – TerraMaster Operating System (TOS) File Disclosure

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a File Disclosure vulnerability found in TerraMaster Operating System (TOS) version 3.

TerraMaster Operating System (TOS) is a Linux-based operating system developed for TerraMaster cloud storage NAS servers. TOS 3 is the newly launched third generation of the operating system.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
TerraMaster has released patches to address this vulnerability – “Tech team limit the normal user’s rights”.


SSD Advisory – Emby Media Server Multiple Vulnerabilities


Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Emby Media Server.

Affected versions are: 3.1.5, 3.1.2, 3.1.1, 3.1.0 and 3.0.0.

Emby Media Server (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source and uses a client-server model. Two comparable media servers are Plex and Windows Media Center.

The vulnerabilities found in Emby Media Server are:

  • Directory Traversal
  • File Disclosure
  • SQL Injection

Credit
An independent security researcher, Gjoko Krstic from Zero Science Lab, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
Emby was notified about the vulnerabilities in March 2017 and shortly afterwards released a new version that addresses them. However, they have not provided any version information or release notes that reflect this.


SSD Advisory – Over 100K IoT Cameras Vulnerable to Source Disclosure


Vulnerability Summary
The following advisory describes an arbitrary file content disclosure vulnerability found in GoAhead web server.

The GoAhead web server is present on multiple embedded devices, from IP Cameras to Printers and other embedded devices.

The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed. As most embedded devices do not run a SQL (or SQL-like) daemon, the credentials for authentication are stored inside the file being accessed. Through this disclosure attack, an attacker can view the credentials required to access the device.

Credit
An independent security researcher, Istvan Toth, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Update #2: The vulnerability of the “/” less access causing file disclosure dates back to 2004, http://aluigi.altervista.org/adv/goahead-adv2.txt, I cannot find any indication when GoAhead fixed it – in any case it is still present in 2017 in devices that use the GoAhead server.

Update: The vendor (GoAhead) claims the vulnerability is not in its product, but rather in the camera vendor’s code.

We at Beyond Security are unsure about this, but as none of the camera vendors responded, we are left in the dark as to the root cause of the vulnerability.

Since this vulnerability affects multiple devices that have the GoAhead web server (these devices appear to implement old versions of GoAhead), there is no one company you can report these vulnerabilities to or get them addressed by. Furthermore, the majority of the products that are vulnerable are OEM products with no real “vendor” behind them.

We urge users who have an embedded device with GoAhead running on it (you can tell by the following banner returned when you connect to the device):

to remove the device from the network, or at the very least to allow access to the web interface only from a very strict IP address range.
