Security
Headlines
HeadlinesLatestCVEs

Headline

Alecto IVM-100 2019-11-12 Information Disclosure

An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.

Packet Storm
Open in Source
#vulnerability#wifi

[Suggested description]
An issue was discovered on Alecto IVM-100 2019-11-12 devices.
The device comes with a serial interface at the board level. By
attaching to this serial interface and rebooting the device, a large
amount of information is disclosed. This includes the view password
and the password of the Wi-Fi access point that the device used.

[Vulnerability Type]
Incorrect Access Control

[Vendor of Product]
Alecto

[Affected Product Code Base]
Alecto IVM-100 - unknown.

[Affected Component]
Serial interface.

[Attack Type]
Physical

[Impact Information Disclosure]
true

[Attack Vectors]
An attacker needs to open up the device and physically attach wires as well as reboot the device.

[Has vendor confirmed or acknowledged the vulnerability?]
true

[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with The Dutch consumer organisation

[Reference]
https://www.alecto.nl

Use CVE-2019-20462.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution
Packet Storm