SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following describes a vulnerability in VK Messenger that is triggered by exploiting an improperly handled URI.

VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages and events, share and tag images, audio and video, and to play browser-based games. It is based in Saint Petersburg, Russia”.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Affected Version
VK Messenger version 3.1.0.143

Vendor Response
The vendor responded that the problem no longer affects the latest version – but didn’t provide any information on when it was fixed and whether it was fixed due to someone else reporting this vulnerability.

beVX Conference Challenge

During OffensiveCon, we launched a reverse engineering and encryption challenge and gave the attendees the chance to win great prizes.

The challenge was divided into two parts: a file (which can be downloaded from https://www.beyondsecurity.com/bevxcon/bevx-challenge-1) that you had to download and reverse engineer, and a server that you had to access to have a running version of this file.

The challenge could not be solved without access to the server, as the encryption key that you were supposed to extract was only available in the running version on the server.

We had some great solutions sent to us, and some of them are posted below. Some arrived after the deadline, and some were not eligible because they were incomplete, but in the end we had three winners.

The first-place winner got an all-paid trip (flight and hotel) and entry to our security conference beVX in September, the second-place winner got a flight and entry to our security conference, and the third-place winner got free entry to our event.

SSD Advisory – TrendNet AUTHORIZED_GROUP Information Disclosure

Vulnerability Summary
The following advisory describes an information disclosure found in the following TrendNet routers:

  • TEW-751DR – v1.03B03
  • TEW-752DRU – v1.03B01
  • TEW-733GR – v1.03B01

TRENDnet’s “N600 Dual Band Wireless Router, model TEW-751DR, offers proven concurrent Dual Band 300 Mbps Wireless N networking. Embedded GREENnet technology reduces power consumption by up to 50%. For your convenience this router comes pre-encrypted and features guest networks. Seamlessly stream HD video with this powerful router.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Several attempts to email TrendNet went unanswered; we do not know the status of a fix or the availability of a workaround.

CVE: CVE-2018-7034

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

The following advisory describes one (1) vulnerability found in CloudMe.

CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.”

The vulnerability found is a buffer overflow vulnerability, which when exploited can be used to cause the product to execute arbitrary code.

Credit
A security researcher, hyp3rlinx, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released CloudMe version 1.11.0 which addresses this vulnerability.

CVE: CVE-2018-6892