SSD Advisory – ZendMail Remote Code Execution Vulnerability

Vulnerability Summary

The following report describes a remote code execution vulnerability found in ZendMail. The vulnerability allows an attacker to inject additional parameters into the sendmail binary via the From address.

Credit
An independent security researcher, Dawid Golunski (https://legalhackers.com/), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.


SSD Advisory – ZyXEL / Billion Multiple Vulnerabilities

Vulnerability Summary
The following advisory describes four (4) vulnerabilities and default accounts / passwords in ZyXEL / Billion customized routers.

TrueOnline is a major Internet Service Provider in Thailand that provides customized versions of routers to its customers, free of charge.

The routers are manufactured by ZyXEL and Billion and run a special Linux distribution called “tclinux”. Several models are distributed by TrueOnline; three in particular are widespread:

  1. ZyXEL P660HN-T v1 (distributed up to 2013)
  2. ZyXEL P660HN-T v2
  3. Billion 5200W-T (currently being distributed to new clients)

These are customized versions of existing ZyXEL and Billion routers. They are MIPS systems and they all run the BOA web server. The routers are vulnerable to command injection in their web interface, which can be exploited by unauthenticated as well as authenticated attackers. Furthermore, the routers include several hardcoded accounts besides the usual administrator account.

The four vulnerabilities found in ZyXEL / Billion routers:

  1. Unauthenticated remote command execution vulnerability – P660HN-T v1 router
  2. Unauthenticated remote command execution vulnerability – Billion 5200W-T
  3. Authenticated remote command execution vulnerability – Billion 5200W-T
  4. Unauthenticated remote command execution vulnerability – P660HN-T v2

Default accounts and passwords:

  1. Default accounts – P660HN-T v1 router
  2. Default accounts – P660HN-T v2
  3. Default accounts – Billion 5200W-T router

Credit
Pedro Ribeiro (pedrib@gmail.com) has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.


SSD Advisory – EasyIO Multiple Vulnerabilities

Vulnerability Summary

The following advisory describes three (3) vulnerabilities that allow an attacker to gain unauthenticated remote code execution. EasyIO provides products for Building Energy Management Systems. Low costs, high energy savings.

The three vulnerabilities found in EasyIO include:

  • Unauthenticated remote code execution
  • Unauthenticated database file download
  • Authenticated directory traversal vulnerability

The vulnerabilities affected the following products:

  • EasyIO FG Series, FG32
  • EasyIO FG Series, FG20

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
