SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Vulnerabilities Summary
An ASUSTOR NAS or network attached storage is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR NAS which lets anonymous attackers bypass authentication requirement of the product.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Affected systems
ASUSTOR NAS devices running ADM version 3.0.5.RDU1 and prior
Continue reading SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

SSD安全公告-GitStack未经验证的远程代码执行漏洞

漏洞概要

以下安全公告描述了在GitStack中存在的一个未经身份验证的动作,允许远程攻击者添加新用户,然后用于触发远程代码执行。

GitStack是一个可以让你设置你自己私人Git服务器的软件。 这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows,并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。

Continue reading SSD安全公告-GitStack未经验证的远程代码执行漏洞

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router.

AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also where you can configure AiCloud 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a separate app, or restrict what you can change via mobile devices — you get full access to everything, from any device that can run a web browser”

The vulnerabilities found are:

  • Access bypass
  • Configuration manipulation

Credit
An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Asus were informed of the vulnerabilities and released patches to address them (version 3.0.0.4.384_10007).

For more details: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

CVE: CVE-2018-5999 and CVE-2018-6000

Continue reading SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

SSD Advisory – GitStack Unauthenticated Remote Code Execution

Vulnerability Summary
The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack and then used to trigger an unauthenticated remote code execution.

GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system without any prior Git knowledge. GitStack also makes it super easy to secure and keep your server up to date. GitStack is built on the top of the genuine Git for Windows and is compatible with any other Git clients. GitStack is completely free for small teams.”

Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to contact GitStack since October 17 2017, repeated attempts to establish contact were answered, but no details have been provided on a solution or a workaround.

CVE: CVE-2018-5955
Continue reading SSD Advisory – GitStack Unauthenticated Remote Code Execution