4 min
Vulnerability Disclosure
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.
11 min
Vulnerability Disclosure
R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
This disclosure describes R7-2019-09, composed of three vulnerabilities in the
Basic Laboratory Information System (BLIS). Due to flawed authentication and
authorization verification, versions of BLIS < 3.5 are vulnerable to
unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are
vulnerable to unauthenticated enumeration of facilities and usernames
(R7-2019-09.2) as well as unauthenticated updates to user information
(R7-2019-09.3).
These vulnerabilities are summarized i
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.
3 min
Vulnerability Disclosure
R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)
The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.
3 min
Haxmas
R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)
Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.
4 min
Vulnerability Disclosure
R7-2018-01 (CVE-2018-5551, CVE-2018-5552): DocuTrac Office Therapy Installer Hard-Coded Credentials and Cryptographic Salt
DocuTrac QuickDoc & Office Therapy ships with a number of static accounts which are not disclosed to the end user.
18 min
Vulnerability Disclosure
R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities
Summary of Issues
Multiple vulnerabilities in Cambium Networks’ ePMP and cnPilot product lines
were discovered by independent researcher Karn Ganeshen
[http://ipositivesecurity.com/], which have, in turn, been addressed by the
vendor. The affected devices are in use all over the world to provide wireless
network connectivity in a variety of contexts, including schools, hotels,
municipalities, and industrial sites, according to the vendor
[http://www.cambiumnetworks.com/industry/].
These issue
4 min
Vulnerability Disclosure
R7-2017-08: BPC SmartVista SQL Injection Vulnerability
Important update: 2018/01/25
BPC informed Rapid7 that this vulnerability only impacted the specified version
of SmartVista Front-End (2.2.10, revision 287921), which had very limited
distribution. Once the vulnerability described below was discovered, BPC
released a patch on Jul 19, 2017, before the issuance of the public disclosure
by Rapid7 on Oct 17, 2017. We have no reason to believe that any other versions
of SmartVista Front-End are vulnerable to this issue. Rapid7 believed the issue
to st
8 min
Vulnerability Disclosure
Multiple vulnerabilities in Wink and Insteon smart home systems
Today we are announcing four issues affecting two popular home automation
solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive
credentials securely on their associated Android apps. In addition, the Wink
cloud-based management API does not properly expire and revoke authentication
tokens, and the Insteon Hub uses an unencrypted radio transmission protocol for
potentially sensitive security controls such as garage door locks.
As most of these issues have not yet been addres
5 min
Authentication
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls
and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze
fixed all three issues by May 6, 2017, and user action is not required to
remediate. Rapid7 thanks Fuze for their quick and thoughtful response to these
vulnerabilities:
* R7-2017-07.1, CWE-284 (Improper Access Control)
[http://cwe.mitre.org/data/definitions/284.html]: An unauthenticated remote
attacker can enumerate through MAC addr
2 min
Vulnerability Disclosure
R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)
Summary
The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015
is vulnerable to stored cross-site scripting in two fields. An attacker would
need to have the ability to create a Workspace and entice a victim to visit the
malicious page in order to run malicious Javascript in the context of the
victim's browser. Since the victim is necessarily authenticated, this can allow
the attacker to perform actions on the Biscom Secure File Transfer instance on
the victim's behalf.
3 min
Vulnerability Disclosure
R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure
This post describes a vulnerability in Yopify (a plugin for various popular
e-commerce platforms), as well as remediation steps that have been taken. Yopify
leaks the first name, last initial, city, and recent purchase data of customers,
all without user authorization. This poses a significant privacy risk for
customers. This vulnerability is characterized as: CWE-213 (Intentional
Information Disclosure) [http://cwe.mitre.org/data/definitions/213.html].
Product Description
Yopify [http://yopi
17 min
Vulnerability Disclosure
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary
In October of 2016, former Rapid7 researcher Phil Bosco
[http://twitter.com/secillusion] discovered a number of relatively low-risk
vulnerabilities and issues involving home security systems that are common
throughout the United States, and which have significant WiFi or Ethernet
capabilities. The three systems tested were offerings from Comcast XFINITY, ADT,
and AT&T Digital Life, and the issues discovered ranged from an apparent "fail
open" condition on the external door and
6 min
Vulnerability Disclosure
R7-2016-28: Multiple Eview EV-07S GPS Tracker Vulnerabilities
Seven issues were identified with the Eview EV-07S GPS tracker, which can allow
an unauthenticated attacker to identify deployed devices, remotely reset
devices, learn GPS location data, and modify GPS data. Those issues are briefly
summarized on the table below.
These issues were discovered by Deral Heiland of Rapid7, Inc., and this advisory
was prepared in accordance with Rapid7's disclosure policy.
Vulnerability DescriptionR7 IDCVEExploit VectorUnauthenticated remote factory
resetR7-2016-28
4 min
Vulnerability Disclosure
R7-2017-01: Multiple Vulnerabilities in Double Robotics Telepresence Robot
This post describes three vulnerabilities in the Double Robotics Telepresence
Robot ecosystem related to improper authentication, session fixation, and weak
Bluetooth pairing. We would like to thank Double Robotics for their prompt
acknowledgement of the vulnerabilities, and in addressing the ones that they
considered serious. Two of the three vulnerabilities were patched via updates to
Double Robotics servers on Mon, Jan 16, 2017.
Credit
These issues were discovered by Rapid7 researcher Deral