Vulnerability Note VU#899080 Zhuhai Raysharp firmware for DVRs from multiple vendors contains hard-coded credentials Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview Digital Video Recorders (DVRs), security cameras, and possibly other devices from multiple vendors use firmware derived from Zhuhai RaySharp that contains a hard-coded root password. Description CWE-259: Use of Hard-coded Password – CVE-2015-8286 According to the reporter, DVR devices based on the Zhuhai RaySharp firmware contain a hard-coded root password
VU#507216: Hirschmann "Classic Platform" switches reveal administrator password in SNMP community string by default
Vulnerability Note VU#507216 Hirschmann “Classic Platform” switches reveal administrator password in SNMP community string by default Original Release date: 16 Feb 2016 | Last revised: 16 Feb 2016 Overview Hirschmann “Classic Platform” switches contain a password sync feature that syncs the switch administrator password with the SNMP community password, exposing the administrator password to attackers on the local network. Description CWE-257: Storing Passwords in a Recoverable Format For all Hirschmann (part of Belden) “Classic Platform” switches (which includes the MACH series workgroup switches, among others), by default, the switch administrator password is used to construct an SNMP community string that allows remote management of some switch configuration
VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability
Vulnerability Note VU#327976 Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability Original Release date: 11 Feb 2016 | Last revised: 11 Feb 2016 Overview Cisco Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2) contain a buffer overflow vulnerability that may be leveraged to gain remote code execution. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer – CVE-2016-1287 According to the advisory by Exodus Intelligence: The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer
Vulnerability Note VU#544527 OpenELEC and RasPlex have a hard-coded SSH root password Original Release date: 02 Feb 2016 | Last revised: 02 Feb 2016 Overview OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default. Description CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password once installed; furthermore, SSH access is enabled by default
VU#972224: Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries
Vulnerability Note VU#972224 Huawei Mobile WiFi E5151 and E5186 routers use insufficiently random values for DNS queries Original Release date: 01 Feb 2016 | Last revised: 01 Feb 2016 Overview Huawei Mobile WiFi E5151, firmware version 21.141.13.00.1080, and E5186, firmware version V200R001B306D01C00, use insufficiently random values for DNS queries and are vulnerable to DNS spoofing attacks. Description CWE-330: Use of Insufficiently Random Values – CVE-2015-8265 Huawei Mobile WiFi E5151 and E5186 routers use static source ports for all DNS queries originating from the local area network (LAN).
Vulnerability Note VU#257823 OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol Original Release date: 28 Jan 2016 | Last revised: 28 Jan 2016 Overview OpenSSL may generate unsafe primes for use in the Diffie-Hellman protocol, which may lead to disclosure of enough information for an attacker to recover the private encryption key.
Jonathan Zittrain proposes a very interesting hypothetical: Suppose a laptop were found at the apartment of one of the perpetrators of last year’s Paris attacks. It’s searched by the authorities pursuant to a warrant, and they find a file on the laptop that’s a set of instructions for carrying out the attacks. The discovery would surely help in the prosecution of the laptop’s owner, tying him to the crime.
Vulnerability Note VU#913000 Samsung SRN-1670D camera contains multiple vulnerabilities Original Release date: 12 Jan 2016 | Last revised: 12 Jan 2016 Overview The Samsung SRN-1670D camera contains multiple vulnerabilities. Description CWE-264: Permissions, Privileges, and Access Controls – CVE-2015-8279 An undocumented PHP request may be used to read arbitrary files from the system. CWE-200: Information Exposure – CVE-2015-8280 The interface provides too many details in error messages, which may allow an attacker to determine user credentials.
VU#418072: Comcast XFINITY Home Security fails to properly handle wireless communications disruption
Vulnerability Note VU#418072 Comcast XFINITY Home Security fails to properly handle wireless communications disruption Original Release date: 05 Jan 2016 | Last revised: 05 Jan 2016 Overview Comcast XFINITY Home Security does not fail securely, which may be leveraged to avoid triggering alarm events. Description CWE-636: Not Failing Securely (‘Failing Open’) Comcast XFINITY Home Security system components use the ZigBee communication protocol over a 2.4 GHz radio frequency band to maintain state between sensors and the base station. When component communications are disrupted, the system does not trigger any alerts and additionally may take from minutes to hours to re-establish communications, during which time no alarm escalation occurs
Vulnerability Note VU#640184 Juniper ScreenOS contains multiple vulnerabilities Original Release date: 21 Dec 2015 | Last revised: 21 Dec 2015 Overview Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allow unauthorized remote administration access to the device.