AudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images that only consists of simple checksum checks for different firmware components.
87f14d8fb3d841332987f94e0d0b781df7d013b6b805f919c5e4b88c417fe4f0
Omnis Studio version 10.22.00 suffers from a locked class bypass vulnerability.
70baa8a88b3de2130acfbd71ec3e460da1f75e0d1808158d3e555ff37a98c8f0
Omnis Studio version 10.22.00 suffers from a private library access bypass vulnerability.
53637e29b7365ce0e3a3037d27a08a606b6472cc022aa871d1d1d277c7cbca39
When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual.
08145b3fed5af98f2c1a58867fcffc5c6a963943711eed8b147ca33d079c84b8
When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).
d39be10e67c9b627d81d5563e3043fc1643ed064d12773022e54946e4d13c40c
When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.
94cc2f212c629f6d55adb277c12c057ade203121d15ef2c833dae91f93644f56
When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.
1eec8f74130bb65d97f78635534eca25e6988ba281f9bc35cc664431829d03d5
When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.
aab63ef3bc7b1c7a28a491f23ff3e38331ea8654041288aca94a8bd6d5435366
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
26ff4e832d69529801ce9581fa340d311be8da080d073cf03ef28644ddb30a51
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.
6fe888a83e3d60fa3dff9cbd864af7c01af27b2dbd4a6cda8d208d3d0a240337
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
820817b00f35d5e9cdd824108c5f8d3d74d064b3343d74f7c689cef4f9919f97
When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01B), which then gets successfully executed by the USB-to-SATA bridge controller.
5cf09b9a6a7dc17bc2bc9248633676029f1f2f7c319f1bda1a93395588b69053
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
5957d6ef4f65feb57e39fb3699989b7271db9a941fefc0a0ecfcc6d07e41f538
When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.
bf98542c479e3621d63c8f97f240d1176143d928dd39fcee82bda83c3c2f65d1
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
859d87ae63633787bdbe010be7b03817fc47a4dc9d6e5a47c6b19c31de4fe3cc
When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.
6d66162caa87e1410113575c6a6d6f93e01bfe781f0ffa5dbe090641a9dac682
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
2ceb86673a9c736cebd67a39527a5eb8f328102b032e0b9271b870c40377d572
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.
7098d1b68edc002a1e51f5c5258de96984b038b74b703b8420355811a28fb504
When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
0a41b12ec159b56c4a817b283683266a073263b88ea74e74ebd6d5ec636346de
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.
992893d816c50c6e18dc3b87a2deb353082bfef3a9a95208d73963be95c513e7
When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual. Thus, an attacker with physical access to such a USB drive can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
804a05333025641223da065ca26bc382662a75dcb6a1c913f590cb580995be6e
When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
870e1158dd8a0f1a4262a0e47ae8e997a02f327d39289e77fef1eba7910be322
When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.
52c1bd34c6801f46e1bba55d25c92e6597c84cbd41ec64b03d514cd0fa54e98f
When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.
3ed883a011f776ec342336cc3c9cfdade67dfbd44f04b20239f15f16a6dc912e
Razer Synapse versions prior to 3.7.0228.022817 suffer from a dll hijacking vulnerability.
002e65d1b8885606e6754a271ca91f9be7adcbea2fcaf38560beda10596e175d