Barco wePresent Hardcoded API Credentials
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated,...
View ArticleBarco wePresent Admin Credential Exposure
An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port...
View ArticleBarco wePresent Authentication Bypass
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end...
View ArticleBarco wePresent Undocumented SSH Interface
Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts...
View ArticleBarco wePresent Global Hardcoded Root SSH Password
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.
View ArticleBarco wePresent Insecure Firmware Image
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and...
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API...
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application...
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT...
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web...
View ArticleCommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
View ArticleCisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig...
View ArticleCisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via...
View ArticleCisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File...
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a...
View ArticleArtica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by...
View ArticleArtica Proxy 4.50 Loopback Service Disclosure
Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user,...
View Article
