SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes two (2) unauthenticated command injection vulnerabilities.

Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.”

Credit
An independent security researcher, Yorick Koster, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Seagate was informed of the vulnerability on October 16 and acknowledged receipt of the vulnerability information, but declined to respond to the technical claims, provide a fix timeline, or coordinate an advisory.

CVE: CVE-2018-5347

SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access

Vulnerability Summary
The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access found in Sophos XG version 17.

Sophos XG Firewall “provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Sophos was informed of the vulnerability; their response was:

CVE: CVE-2017-18014

SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Vulnerabilities Summary

The following advisory describes two vulnerabilities found in D-Link DSL-6850U BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by Bezeq in Israel”; the vulnerabilities found in this router are:

  • Default Credentials
  • Remote Command Execution


SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”.
The vulnerabilities found are:

  • Default Credentials
  • Remote Command Execution

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Bezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.