SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09.

D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”
The vulnerabilities found are:

  • Default Credentials
  • Remote Command Execution

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Bezeq was informed of the vulnerability on June 9, and released patches to address these vulnerabilities.
Continue reading SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

SSD Advisory – Trustwave SWG Unauthorized Access

Vulnerability Summary
The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27.

Trustwave Secure Web Gateway (SWG) “provides distributed enterprises effective real-time protection against dynamic new malware, strong policy enforcement, and a unique Zero-Malware Guarantee when managed for you by our experts.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Trustwave was informed of the vulnerability, and released the following advisory: https://www.trustwave.com/Resources/Trustwave-Software-Updates/Important-Security-Update-for-Trustwave-Secure-Web-Gateway/

CVE: CVE-2017-18001

Continue reading SSD Advisory – Trustwave SWG Unauthorized Access