Remote Command Execution

SSD Advisory – SMC Networks Session and Command Injection

TL;DR: Find out how we managed to inject an auth session into the device and through it gain a reverse root TCP shell in SMC Networks devices. Vulnerability Summary: SMC Networks provides many network products, one of which is modems. SMC’s modems are used to transmit data between the connected devices in your network. A vulnerability …


SSD Advisory – Ruckus IoT vRIoT Server Vulnerabilities

Vulnerability Summary: The Ruckus IoT Suite is a collection of network hardware and software infrastructure used to enable multi-standard Internet of Things devices to access the network. The IoT Controller, part of the IoT Suite, is a virtual controller that performs connectivity, device and security management for non-Wi-Fi devices. Many functionalities are exposed by the IoT Controller …


SSD Advisory – Synology DSM Remote Command Injection

Introduction: Network-attached storage devices allow multiple users and heterogeneous client devices to retrieve data from centralized disk capacity. These NAS stations are a must for secured file sharing and are thus becoming a popular target for hacking attempts. Read below on how a fellow researcher working with our team demonstrated getting access via Authenticated Remote Command into …


SSD Advisory – Vesta CP Remote Command Execution To Privilege Escalation

Vulnerabilities Summary: The following advisory describes a vulnerability in Vesta control panel (VestaCP), an open source hosting control panel, which can be used to manage multiple websites, create and manage email accounts, FTP accounts, and MySQL databases, manage DNS records and more. CVE: CVE-2019-9859. Credit: An independent security researcher, 0xecute, has reported this vulnerability to the SSD Secure Disclosure program. Affected systems: VestaCP …


SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Vulnerabilities Summary: Cisco Prime Infrastructure (CPI) contains two vulnerabilities that, when exploited, allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to …


SSD Advisory – QRadar Remote Command Execution

Vulnerability Summary: Multiple vulnerabilities in QRadar allow remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – which allows a user to change from unauthenticated to authenticated access, to running commands, and finally running these commands with root privileges. Vendor …


SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

Vulnerability Summary: The following advisory describes an unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched.” Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure …


SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

Vulnerability Summary: A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute arbitrary commands. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor Response: The vendor was notified on the 28th of November 2017, and responded that they take security …


SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Vulnerability Summary: The following describes a vulnerability in VK Messenger that is triggered via the exploitation of an improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages …


SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer …


SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8. The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: …


SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Vulnerabilities summary: The following advisory describes three (3) vulnerabilities found in the following vendors: Lorex, StarVedia, Eminent, Kraun. The vulnerabilities found: hard-coded credentials, remote command injection (2). It is possible to chain the vulnerabilities and to achieve unauthenticated remote command execution. Credit: An independent security researcher, Robert Kugler (https://www.s3cur3.it), has reported these vulnerabilities to Beyond …

