
Source

Zero Science Lab

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)

The application has a hidden administrative account 'cmuser' that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download

The application is vulnerable to unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request. The only unknown part of the filename is the hostname of the system. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

ECOA Building Automation System Missing Encryption Of Sensitive Information

The BAS controller stores sensitive data (backup exports) in clear-text.

ECOA Building Automation System Authorization Bypass / IDOR

The BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources in the system and execute privileged functionalities.

ECOA Building Automation System Arbitrary File Deletion

The BAS controller suffers from an arbitrary file deletion vulnerability. Using the 'cfile' GET parameter in fmanerdel, attackers can delete arbitrary files on the affected device and cause a denial of service scenario.

ECOA Building Automation System Local File Disclosure Vulnerability

The BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

ECOA Building Automation System Remote Privilege Escalation

The BAS controller is vulnerable to a weak access control mechanism allowing any user to escalate privileges by disclosing credentials of administrative accounts in plain-text.

ECOA Building Automation System Hard-coded Credentials SSH Access

The BAS controller is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device.

ECOA Building Automation System Hidden Backdoor Accounts and backdoor() Function

The BAS controller has hidden backdoors in several binaries that serve the web application. Any unauthenticated attacker can download all the resources and binaries/services that serve the controller and search for the 'backdoor()' function in httpser.elf as well as discover hidden credentials for backdoor access with full functionality of the Smart Home, Access Control and Building Automation System solutions.