SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Vulnerability Summary
The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI.

VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages and events, share and tag images, audio and video, and to play browser-based games. It is based in Saint Petersburg, Russia”.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Affected Version
VK Messenger version 3.1.0.143

Vendor Response
The vendor responded that the problem no longer affects the latest version – but didn’t provide any information on when it was fixed and whether it was fixed due to someone else reporting this vulnerability.
Continue reading SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

The following advisory describes one (1) vulnerability found in CloudMe.

CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.”

The vulnerability found is a buffer overflow vulnerability, which when exploited can be used to cause the product to execute arbitrary code.

Credit
A security researcher from, hyp3rlinx, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released CloudMe version 1.11.0 which addresses this vulnerability.

CVE: CVE-2018-6892
Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8

The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.”

The vulnerabilities found are:

  • Information Disclosure That Leads to Password Disclosure
  • Unauthenticated WAN Remote Code Execution

Credit
A security researcher from, NSHC, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Cisco were informed of the vulnerabilities and released patches to address them: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x

CVE: CVE-2018-0125 / CVE-2018-0127
Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes three (3) vulnerabilities found in the following vendors:

  • Lorex
  • StarVedia
  • Eminent
  • Kraun

The vulnerabilities found:

  • Hard-coded credentials
  • Remote command injection (2)

It is possible to chain the vulnerabilities and to achieve unauthenticated remote command execution.

Credit
An independent security researcher, Robert Kugler (https://www.s3cur3.it), has reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to contact Lorex, Kraun and Eminent, attempts to establish contact went unanswered, therefore no details have been provided on a solution or a workaround.

StarVedia were informed of the vulnerabilities and released patches to address them – “These two issues were fixed before your contacting us”
Continue reading SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities