SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices.

WiseGiga is a Korean company selling NAS products.

The vulnerabilities found in WiseGiga NAS are:

  • Pre-Authentication Local File Inclusion (4 different vulnerabilities)
  • Post-Authentication Local File Inclusion
  • Remote Command Execution as root
  • Remote Command Execution as root with CSRF
  • Info Leak
  • Default accounts

Credit
An independent security researcher, Pierre Kim, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact WiseGiga since June 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Continue reading SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in Mako Server’s tutorial page.

The vulnerabilities found are:

  • Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution
  • Unauthenticated File Disclosure
  • Unauthenticated Server Side Request Forgery

As these tutorial may be used as the basis for production code, it is important for users to be aware of these issues.

“As a compact application and web server, the Mako Server helps developers rapidly design secure IoT and web applications. The Mako Server provides an application server environment from which developers can design and implement complete, custom solutions. The Mako Web Server is ideal for embedded Linux systems.”

Credit
An independent security researcher, John Page AKA hyp3rlinx, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
RealTimeLogic was informed of the vulnerability on Aug 13, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory, saying:
“I just sent a formal notification for the commercial license requirement and also we need to put a maintenance contract in place.

Internally I need to set-up a cost allocation account for billing against these support inquiries.”

At this time it’s unclear whether these vulnerabilities are going to be fixed and further attempts to get a status clarification failed.

Continue reading SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Oracle Java JDK/JRE (1.8.0.131 and previous versions) packages and Apache Xerces (2.11.0)

The vulnerabilities are:

  • Oracle JDK/JRE Concurrency-Related Denial of Service
  • java.net.URLConnection (with no setConnectTimeout) Concurrency-Related Denial of Service

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Oracle acknowledged receiving the report, and has assigned it a tracking number: S0876966. We have no further information on patch availability or a workaround.

Continue reading SSD Advisory – Oracle Java and Apache Xerces PDF/Docx Server Side DoS

SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability summary
The following advisory describes an unauthenticated Remote Command Execution vulnerability in My Cloud products with that has Dropbox App installed.

The My Passport, My Book, and My Cloud (Single-Bay) drives allow users to backup their data to an existing Dropbox account using WD SmartWare Pro, WD Backup. The My Cloud Dropbox App (Available on the multi-bay My Cloud drives) allows a user to sign-in to their Dropbox account and synchronize the data stored between the drive and Dropbox storage.

Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Western Digital was informed of the vulnerability, and released Dropbox v2.00 to address it.

Continue reading SSD Advisory – Remote Command Execution in Western Digital with Dropbox App