SSD Advisory – Xiaomi Air Purifier 2 Firmware Update Process Vulnerability

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a firmware update process vulnerability found in the Xiaomi Air Purifier 2.

Mi Air Purifier is a high-performance smart (IoT) air purifier that can be controlled remotely.

According to the manufacturer (Xiaomi): “Monitor your home air quality in real time from absolutely anywhere when you sync with the Mi Home app on your phone. Control Mi Air Purifier remotely and watch how air is being purified. The app even displays outside air quality and tells you when it’s safe to switch Mi off and open your windows.”

Xiaomi Air Purifier 2, version 1.2.4_59, does not use a secure connection for its firmware update process: the update is fetched over plain-text HTTP.

A potential attacker positioned on the network path can exploit the firmware update process to:

  • Obtain the firmware binary for analysis, as a basis for further attacks
  • Inject modified firmware

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported the vulnerability to Xiaomi and they informed us that: “Because of Xiaomi Air Purifier initial design features, there is not enough storage available to use HTTPS. So this will not be fixed for the time being but it will be fixed in the later versions.”

SSD Advisory – Cisco DPC3928 Router Arbitrary File Disclosure

Vulnerability Summary
The following advisory describes an arbitrary file disclosure vulnerability found in the Cisco DPC3928AD DOCSIS 3.0 2-Port Voice Gateway.

The Cisco DPC3928AD is a home wireless router that is currently “out of support” but is still provided by ISPs worldwide.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported the vulnerability to Cisco and they informed us that the Cisco DPC3928AD had been sold to Technicolor: “The Cisco DPC3928AD was actually sold to Technicolor a while back. In this case, we will ask you to please contact Technicolor at security@technicolor.com to open a case with them.”

After contacting Technicolor, they informed us that the product has reached end of life and they will not patch the vulnerability: “After an extensive search for the product to perform validation, we were unable to source the gateway to validate your proof of concept. Due to the end-of-sale and end-of-life of the product Technicolor will not be patching the bug.”

SSD Advisory – TerraMaster Operating System (TOS) File Disclosure

Vulnerability Summary
The following advisory describes a file disclosure vulnerability found in TerraMaster Operating System (TOS) version 3.

TerraMaster Operating System (TOS) is a Linux-based operating system developed for TerraMaster cloud storage NAS servers. TOS 3 is the newly launched third-generation version.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
TerraMaster has released patches to address this vulnerability: “Tech team limit the normal user’s rights.”

Know your community – @unixfreaxjp, founder and team leader of MalwareMustDie

Every once in a while you hear on the news that cyber criminals were arrested. Today I have the honor of interviewing the man who put them behind bars!

Please meet @unixfreaxjp, founder and team leader of MalwareMustDie, NPO (malwaremustdie.org), and Kendo master (3rd Dan).

Disclaimer: A lot of criminals are looking for him, so we won’t disclose his identity.
