what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Transcend Firmware 1.8 CSRF / Brute Force

Transcend Firmware 1.8 CSRF / Brute Force
Posted Mar 27, 2017
Authored by MustLive

Transcend with firmware version 1.8 suffers from cross site request forgery, predictable resource, and brute force vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 1a4032fa7dcf5d2be45c3dbe7dec9600646e994b5861142be52724d063667022

Transcend Firmware 1.8 CSRF / Brute Force

Change Mirror Download
Hello list!

All your photos and videos are belong to me. If they are on Transcend flash
card :-).

There are Predictable Resource Location, Brute Force and Cross-Site Request
Forgery vulnerabilities in Transcend Wi-Fi SD Card.

-------------------------
Affected products:
-------------------------

Vulnerable is the next model: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8.
This model with other firmware versions and other Transcend models also can
be vulnerable.

----------
Details:
----------

There are two modes of connection to the flash card: Direct Share and
Internet Mode. In the first mode device with Wi-Fi is connected to this
card, and in the second mode the card itself is connected to Wi-Fi devices
(access point, router or smartphone with enabled Personal Hotspot) - then
all computers on the LAN will have access to it. I will discuss the first
mode, about the second will write in the next advisory.

Predictable Resource Location (WASC-34):

When you insert the card in digital camera and turn camera on, Wi-Fi
operates immediately and one can connect to it in the Direct Share mode. By
using default SSID and password. It is unlikely that the owner will change
these settings. Software and documentation to the card don't give advices on
changing this password or password to admin panel.

It's possible to get access to all files on the card by using applications
for iOS and Android. After starting the program it's only need to enter
username and password for admin panel.

Also in Direct Share mode it's possible to access in the browser to admin
panel and access all files on the flash card. By using default username and
password.

Brute Force (WASC-11):

There is no protection against BF attacks in admin panel 192.168.11.254,
because Basic Authentication is used. It is unlikely that the owner will
change login and password for admin panel. But if will change, then they can
be picked up.

Cross-Site Request Forgery (WASC-09):

There are CSRF vulnerabilities in admin panel. Such as this one: in login
process there is no captcha, so besides lack of protection against BF, also
CSRF attack can be made. It's possible to remotely enter into admin panel
(with default login and password) for conducting further CSRF attacks.

<img src="http://admin:admin@192.168.11.254">

------------
Timeline:
------------

2014.05.10 - found vulnerabilities in Transcend Wi-Fi SD Card 16 GB.
2015.08.01 - announced at my site. Later informed developers.
2017.01.28 - disclosed at my site (http://websecurity.com.ua/7900/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close