exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 113 RSS Feed

Files from Matthias Deeg

First Active2014-09-01
Last Active2023-08-16
AudioCodes VoIP Phones Insufficient Firmware Validation
Posted Aug 16, 2023
Authored by Matthias Deeg, Moritz Abrell | Site syss.de

AudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images that only consists of simple checksum checks for different firmware components.

tags | exploit
advisories | CVE-2023-22955
SHA-256 | 87f14d8fb3d841332987f94e0d0b781df7d013b6b805f919c5e4b88c417fe4f0
Omnis Studio 10.22.00 Library Unlock
Posted Jul 24, 2023
Authored by Matthias Deeg | Site syss.de

Omnis Studio version 10.22.00 suffers from a locked class bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2023-38334
SHA-256 | 70baa8a88b3de2130acfbd71ec3e460da1f75e0d1808158d3e555ff37a98c8f0
Omnis Studio 10.22.00 Library Setting Bypass
Posted Jul 24, 2023
Authored by Matthias Deeg | Site syss.de

Omnis Studio version 10.22.00 suffers from a private library access bypass vulnerability.

tags | advisory, bypass
advisories | CVE-2023-38335
SHA-256 | 53637e29b7365ce0e3a3037d27a08a606b6472cc022aa871d1d1d277c7cbca39
Verbatim Store 'n' Go Secure Portable SSD Behavior Violation
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 08145b3fed5af98f2c1a58867fcffc5c6a963943711eed8b147ca33d079c84b8
Verbatim Store 'n' Go Secure Portable SSD Missing Trust
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).

tags | advisory
advisories | CVE-2022-28383
SHA-256 | d39be10e67c9b627d81d5563e3043fc1643ed064d12773022e54946e4d13c40c
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 94cc2f212c629f6d55adb277c12c057ade203121d15ef2c833dae91f93644f56
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 1eec8f74130bb65d97f78635534eca25e6988ba281f9bc35cc664431829d03d5
Lepin EP-KP001 KP001_V19 Authentication Bypass
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.

tags | exploit
advisories | CVE-2022-29948
SHA-256 | aab63ef3bc7b1c7a28a491f23ff3e38331ea8654041288aca94a8bd6d5435366
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 26ff4e832d69529801ce9581fa340d311be8da080d073cf03ef28644ddb30a51
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 6fe888a83e3d60fa3dff9cbd864af7c01af27b2dbd4a6cda8d208d3d0a240337
Verbatim Fingerprint Secure Portable Hard Drive #53650 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 820817b00f35d5e9cdd824108c5f8d3d74d064b3343d74f7c689cef4f9919f97
Verbatim Fingerprint Secure Portable Hard Drive #53650 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01B), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 5cf09b9a6a7dc17bc2bc9248633676029f1f2f7c319f1bda1a93395588b69053
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 5957d6ef4f65feb57e39fb3699989b7271db9a941fefc0a0ecfcc6d07e41f538
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

tags | advisory
advisories | CVE-2022-28387
SHA-256 | bf98542c479e3621d63c8f97f240d1176143d928dd39fcee82bda83c3c2f65d1
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 859d87ae63633787bdbe010be7b03817fc47a4dc9d6e5a47c6b19c31de4fe3cc
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

tags | advisory
advisories | CVE-2022-28387
SHA-256 | 6d66162caa87e1410113575c6a6d6f93e01bfe781f0ffa5dbe090641a9dac682
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Behavior Violation
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 2ceb86673a9c736cebd67a39527a5eb8f328102b032e0b9271b870c40377d572
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 7098d1b68edc002a1e51f5c5258de96984b038b74b703b8420355811a28fb504
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 0a41b12ec159b56c4a817b283683266a073263b88ea74e74ebd6d5ec636346de
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 992893d816c50c6e18dc3b87a2deb353082bfef3a9a95208d73963be95c513e7
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Passcode Retry
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual. Thus, an attacker with physical access to such a USB drive can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 804a05333025641223da065ca26bc382662a75dcb6a1c913f590cb580995be6e
Verbatim Keypad Secure USB 3.2 Gen 1 Drive ECB Issue
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 870e1158dd8a0f1a4262a0e47ae8e997a02f327d39289e77fef1eba7910be322
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Missing Control
Posted Jun 19, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 52c1bd34c6801f46e1bba55d25c92e6597c84cbd41ec64b03d514cd0fa54e98f
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Cryptography Issue
Posted Jun 19, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 3ed883a011f776ec342336cc3c9cfdade67dfbd44f04b20239f15f16a6dc912e
Razer Synapse 3.6.x DLL Hijacking
Posted Mar 28, 2022
Authored by Matthias Deeg, Dr. Oliver Schwarz | Site syss.de

Razer Synapse versions prior to 3.7.0228.022817 suffer from a dll hijacking vulnerability.

tags | exploit
advisories | CVE-2021-44226
SHA-256 | 002e65d1b8885606e6754a271ca91f9be7adcbea2fcaf38560beda10596e175d
Page 1 of 5
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close