SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities, as well as default accounts and passwords, found in WiseGiga NAS devices.

WiseGiga is a Korean company selling NAS products.

The vulnerabilities found in WiseGiga NAS are:

  • Pre-Authentication Local File Inclusion (4 different vulnerabilities)
  • Post-Authentication Local File Inclusion
  • Remote Command Execution as root
  • Remote Command Execution as root with CSRF
  • Info Leak
  • Default accounts

Credit
An independent security researcher, Pierre Kim, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact WiseGiga since June 2017; repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.


SSD Advisory – Polycom Memory Disclosure

Vulnerability Summary
The following advisory describes a Memory Disclosure vulnerability found in the HTTPd server of Polycom SoundPoint IP telephones.

Polycom is the leader in HD video conferencing, voice conferencing & telepresence enabling open, standards-based video collaboration.

Increase the productivity of your phone calls and conference calls by making sure everyone can hear each other clearly and concentrate on what is being discussed. With our enterprise-grade, HD voice solutions, every participant can hear and be heard. Your teams can focus on what matters—creating stronger, deeper connections with customers, partners and each other.

Credit
An independent security researcher, Francis Alexander, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Polycom has released a patch to address this vulnerability (http://support.polycom.com/content/support/North_America/USA/en/documentation/securitycenter.html) and commented: “We discovered that the vulnerability you reported is not only present in SoundStation IP phones but also in several other products that use UCS software like VVX phones and Trio phones. As a result we fixed 5 streams of code instead of just one.”

CVE: CVE-2017-12857


SSD Advisory – Serviio Media Server Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes five (5) vulnerabilities found in Serviio Media Server. Affected versions: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1.

Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network.

Serviio works with many devices from your connected home (TV, Playstation 3, XBox 360, smart phones, tablets, etc.). It supports profiles for particular devices so that it can be tuned to maximise the device’s potential and/or minimize lack of media format playback support (via transcoding).

Serviio is based on Java technology and therefore runs on most platforms, including Windows, Mac and Linux (incl. embedded systems, e.g. NAS).

The vulnerabilities found in Serviio Media Server are:

  • Remote Code Execution
  • Local Privilege Escalation
  • Unauthenticated Password Modification
  • Information Disclosure
  • DOM-Based Cross-Site Scripting (XSS)

Credit
An independent security researcher, Gjoko Krstic from Zero Science Lab, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
We have tried on numerous occasions over the past two months to contact the vendor, all emails sent to them went unanswered.


SSD Advisory – Kloxo Sensitive Information Disclosure

Introduction
Kloxo (formerly known as Lxadmin) is a free, open-source web hosting control panel for the Red Hat and CentOS Linux distributions.

Vulnerability Details
Kloxo contains a vulnerability that allows an authenticated remote attacker (any client or auxiliary account) to retrieve almost any information from the database, for example the passwords of other users (including administrators) and the credentials used for the database connection. After obtaining the credentials of the user (reseller or admin) who created the current client, the attacker can assign the “admin” role to the current client.

Authentication is required to exploit this vulnerability, but any unprivileged client or auxiliary account is sufficient. Any unprivileged user is therefore able to log in as administrator and manage the system, execute arbitrary OS commands, or upload a PHP file and execute arbitrary PHP code (these are all ‘legitimate’ features available to an administrator).
