what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

Files from Jim Becher

First Active2020-11-20
Last Active2021-05-27
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).

tags | exploit
advisories | CVE-2021-33216
MD5 | ba631713fa893c049bed8ca418aac150
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.

tags | exploit, web, local
advisories | CVE-2021-33217
MD5 | 01f76e2f3cd29c5598a0f1af3ea32c57
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.

tags | exploit, web, python
advisories | CVE-2021-33215
MD5 | 2724d4df92c848a08c44acdbe877cbba
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.

tags | exploit, web
advisories | CVE-2021-33219
MD5 | e932d35bc4e7719d825ba1be4bb7279d
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33218
MD5 | 5740648678f15b7f6412ea99e50e0f72
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.

tags | exploit
advisories | CVE-2021-33220
MD5 | a371c9a3579a7e44179b80583f8b88ba
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Posted May 27, 2021
Authored by Jim Becher | Site korelogic.com

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.

tags | exploit
advisories | CVE-2021-33221
MD5 | 9b7f6d3b4a6ae1280473eadd42878e24
Barco wePresent Insecure Firmware Image
Posted Nov 20, 2020
Authored by Matthew Bergin, Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.

tags | exploit
advisories | CVE-2020-28332
MD5 | e4383abb6fd7cd3fb13e1ebe4da07b84
Barco wePresent Global Hardcoded Root SSH Password
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image.

tags | exploit, root
advisories | CVE-2020-28334
MD5 | f546a4da12e5bb23b7138a0af23f3ff1
Barco wePresent Undocumented SSH Interface
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.

tags | exploit, web
advisories | CVE-2020-28331
MD5 | 86102878b47498e5776df9ed90a4a19a
Barco wePresent Authentication Bypass
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.

tags | exploit, web
advisories | CVE-2020-28333
MD5 | 50b164f3cff95d8cf4dd33881f7f36e0
Barco wePresent Admin Credential Exposure
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.

tags | exploit, web, tcp
advisories | CVE-2020-28329, CVE-2020-28330
MD5 | 3ad24677ecaeff25f5cac17ee343f4a9
Barco wePresent Hardcoded API Credentials
Posted Nov 20, 2020
Authored by Jim Becher | Site korelogic.com

Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19.

tags | exploit
advisories | CVE-2020-28329
MD5 | d74c6a09cbb7c6a83ef51442ad6f046a
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close