SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities Summary
The following advisory describes four (4) vulnerabilities found in Livebox Fibra router version AR_LBFIBRA\_sp-00.03.04.112S. It is possible to chain the vulnerabilities into remote code execution.

The “Livebox Fibra” router is “manufactured by Arcadyan for Orange and Jazztel in Spain”

The vulnerabilities found in Arcadyan routers are:

  • Unauthenticated configuration information leak
  • Hard-coded credentials
  • Memory leak
  • Stack buffer Overflow

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Arcadyan and Orange were informed of the vulnerabilities and patched them.
Continue reading SSD Advisory – Livebox Fibra (Orange Router) Multiple Vulnerabilities

SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Ichano IP Cameras.

AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute.”

The vulnerabilities found are:

  • Hard-coded username and password – telnet
  • Hard-coded username and password – Web server
  • Unauthenticated Remote Code Execution

Credit
An independent security researcher, Tim Carrington, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to contact Ichano since November 21st 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

CVE: CVE-2017-17761
Continue reading SSD Advisory – Ichano AtHome IP Cameras Multiple Vulnerabilities

SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities found in ZTE ZXR10 Router.

ZXR10 ZSR V2 series router is “the next generation intelligent access router product of ZTE, which integrates routing, switching, wireless, security, and VPN gateway. The product adopts industry-leading hardware platform and software architecture to provide an intelligent and flexible platform for building efficient, reliable, flexible, and maintainable enterprise intelligence networks.”

The vulnerabilities found are:

  • Hard-coded credentials
  • Arbitrary file upload
  • Authentication bypass
  • Arbitrary file read
  • Unauthorized configuration file download

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address these vulnerabilities.

For more details: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10931

CVE: CVE-2017-10931

Continue reading SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities