Posts

Showing posts from December, 2024

Unauthenticated Configuration File Exposure via Predictable URL in DB-70 / CVE pending

The Delta Dore DB-70 is an industrial IP controller. It stores its configuration at a static path on the web server. The naming structure for the configuration file is "DB-70_WSA_" + "Application Version without dots" + "_config.bin". For instance, if the application version is 01.04.00, the configuration file would be named "DB-70_WSA_010104_config.bin".

http://xx.yy.zz.tt:8080/admin/DB-70_WSA_010104_config.bin

The DB-70 device exposes its application version on the "informations.shtm" web page without requiring any authentication, so anyone can retrieve the device's application version. Consequently, an unauthenticated attacker can construct the URL of the device's configuration file and download it. This configuration file contains the username and password in plain text, posing a significant security risk. It exposes the device to potential denial-of-service attac...

Unauthenticated User Creation and Privilege Escalation in Richerlink ANM8001H Indoor EoC Master (white labeled to: EK Plus (Ekselans by ITS)) / CVE pending

I will share the update once I receive the CVE.

The Strong Universal Repeater 300 allows unauthorised retrieval of configuration data and the admin password vulnerability / CVE pending

An unauthenticated remote attacker only needs to craft a URL to download a plaintext configuration file named profile.bin, or to parse the set_safety.html file to find the syspasswd field. The Strong Universal Repeater 300 lacks any security controls for the configuration file and the password change web page. This absence allows the disclosure of configuration details and passwords, leading to potential device takeover and denial-of-service attacks.