CVE-2023-47579: Vulnerability Report
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.
[Suggested description] CVE-2023-47573
A vulnerability has been identified in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.
- Vulnerability Type: Incorrect Access Control
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1
- Affected Component: Web server of the equipment
- Attack Type: Remote
- Impact: Escalation of Privileges
- Attack Vectors: An attacker can change settings, including administrative passwords.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47574
A vulnerability exists in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices due to a weak SMB configuration with signing disabled.
- Vulnerability Type: Incorrect Access Control
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Attack Type: Remote
- Impact: Information Disclosure
- Attack Vectors: Possible man-in-the-middle attacks.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47575
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are vulnerable to reflected XSS in their web interfaces.
- Vulnerability Type: Cross Site Scripting (XSS)
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Affected Component: Impact on web visualization
- Attack Type: Remote
- CVE Impact: Other (impact on web visualization)
- Attack Vectors: Attacker can perform arbitrary actions on the web application.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47576
A vulnerability is present in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface.
- Vulnerability Type: Command Injection
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Affected Component: Web server of the equipment
- Attack Type: Remote
- Impact: Code execution, Escalation of Privileges
- Attack Vectors: Attacker can execute commands as the www-data system user.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47577
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices have a vulnerability where there is no check for the current password, allowing unauthorized password changes.
- Vulnerability Type: No Check for Current Password
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Affected Component: Web, Command Line Interface
- Attack Type: Remote
- Impact: Escalation of Privileges
- Attack Vectors: Attacker can change passwords without knowing the current password.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47578
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.
- Vulnerability Type: Cross Site Request Forgery (CSRF)
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Affected Component: Web interface
- Attack Type: Remote
- CVE Impact: Other (CSRF)
- Attack Vectors: Attacker can force the victim to perform actions without detection, potentially combined with other vulnerabilities.
- Vendor Confirmation: True
- Discoverer: Michael Messner
[Suggested description] CVE-2023-47579
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.
- Vulnerability Type: Incorrect Access Control, Misconfiguration
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1
- Attack Type: Remote
- Impact: Escalation of Privileges
- Attack Vectors: Extraction of password hashes via other vulnerabilities.
- Vendor Confirmation: True
- Discoverer: Michael Messner
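An added audit example for the group misconfiguration described above, not code from the advisory or the vendor: given a passwd file, a group file, and the shadow file's group and octal mode, it lists the non-root accounts that can read the password hashes. The sample data, which places `www-data` in a `shadow` group, is constructed; the advisory does not name the affected group or account.

```shell
#!/bin/sh
# Audit helper (added example): which non-root accounts can read a shadow file
# owned root:<group> with the given octal mode?

# shadow_readers GROUP_FILE PASSWD_FILE SHADOW_GROUP MODE
shadow_readers() {
    group_file=$1; passwd_file=$2; shadow_group=$3
    perms=$((0$4))                      # leading 0 makes the mode octal
    if [ $((perms & 0004)) -ne 0 ]; then
        # world-readable: every local account can read the hashes
        awk -F: '$1 != "root" { print $1 }' "$passwd_file" | sort -u
        return 0
    fi
    # no group-read bit: only the owner (root) can read
    [ $((perms & 0040)) -ne 0 ] || return 0
    gid=$(awk -F: -v g="$shadow_group" '$1 == g { print $3 }' "$group_file")
    {
        # supplementary members listed in the group file
        awk -F: -v g="$shadow_group" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # accounts whose primary GID is the shadow file's group
        awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$passwd_file"
    } | grep -vx root | sort -u
}

# Constructed sample data: www-data placed in the "shadow" group (assumption).
make_sample() {
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'www-data:x:33:33::/var/www:/usr/sbin/nologin' \
        'operator:x:1000:1000::/home/operator:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root:x:0:' 'shadow:x:42:www-data' \
        'www-data:x:33:' 'operator:x:1000:' > "$1/group"
}

# Live audit on a device: sh audit.sh --live   (needs a stat that supports -c)
if [ "${1:-}" = "--live" ]; then
    set -- $(stat -c '%G %a' /etc/shadow)
    shadow_readers /etc/group /etc/passwd "$1" "$2"
fi
```

Any service account in the output, such as the web server's user, means a flaw in that service is enough to expose the hash file.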
[Suggested description] CVE-2021-44142, CVE-2017-7494, and CVE-2015-3200
Relyum devices use outdated software components with known vulnerabilities, leaving them exposed to potential exploits.
- Vulnerability Type: Outdated Software Components
- Vendor of Product: System-on-Chip engineering S.L.
- Affected Product Code Base: RELY-PCIe – 22.2.1, RELY-REC – 23.1.0
- Affected Component: Relyum-outdated software components with known vulnerabilities
- Attack Type: Remote
- CVE Impact: None
- Attack Vectors: Remote compromise of the device (depends on the vulnerable component and the configuration).
- Vendor Confirmation: True
- Discoverer: Michael Messner
Related news
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. An attacker with the same privileges as a legitimate user can phish the legitimate user into being redirected to a malicious website, leading to information disclosure and the launch of phishing attacks.
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.
Implemented protections on AWS credentials that were not properly protected.
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.