Vulnerability Note VU#361684
Router devices do not implement sufficient UPnP authentication and security
Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015
Overview
Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures.
Description
The UPnP protocol allows automatic device discovery and interaction with devices on a network. The UPnP protocol was originally designed with the threat model of being on a private network (not available to the WAN) restricted to only authorized users, and therefore does not by default implement authentication
VU#525276: Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Vulnerability Note VU#525276
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
Original Release date: 31 Aug 2015 | Last revised: 31 Aug 2015
Overview
The Philippine Long Distance Telephone (PLDT) company provides internet access in the Philippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities.
Description
PLDT provides SpeedSurf 504AN, firmware version GAN9.8U26-4-TX-R6B018-PH.EN, and the Kasda KW58293, to customers for internet access.
Vulnerability Note VU#950576
DSL routers contain hard-coded “XXXXairocon” credentials
Original Release date: 25 Aug 2015 | Last revised: 25 Aug 2015
Overview
DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded “XXXXairocon” credentials.
Description
CWE-798: Use of Hard-coded Credentials
DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN, and ZTE ZXV10 W300 contain hard-coded credentials that are usable in the telnet service on the device. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is “admin”; in the PLDT device, the username is “adminpldt”; and in all affected devices, the password is “XXXXairocon”, where “XXXX” is the last four characters of the device’s MAC address. The MAC address may be obtainable over SNMP with community string public
Vulnerability Note VU#276148
Dedicated Micros DVR products use plaintext protocols and require no password by default
Original Release date: 20 Aug 2015 | Last revised: 20 Aug 2015
Overview
Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password.
Description
CWE-311: Missing Encryption of Sensitive Data
Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather than secure alternatives, making it the responsibility of the end user to configure a device securely. Sensitive data may be viewed or modified in transit by unauthorized attackers
I missed yesterday’s daily video due to an offsite meeting, so today’s episode contains two important stories: an emergency update to fix a zero-day vulnerability in Internet Explorer (IE) and the latest update to the Ashley Madison breach. If you run a Microsoft network, or you know anyone who had an account on Ashley Madison, you’ll want to watch the video below to learn what you can do to protect yourself from attackers.
Vulnerability Note VU#248692
Trend Micro Deep Discovery threat appliance contains multiple vulnerabilities
Original Release date: 18 Aug 2015 | Last revised: 18 Aug 2015
Overview
Multiple versions of the Trend Micro Deep Discovery threat appliance are vulnerable to cross-site scripting and authentication bypass.
Description
The Trend Micro Deep Discovery platform “enables you to detect, analyze, and respond to today’s stealthy, targeted attacks in real time.” It may be deployed on a network as an appliance.
Vulnerability Note VU#300820
Cisco Prime Infrastructure contains SUID root binaries
Original Release date: 17 Aug 2015 | Last revised: 17 Aug 2015
Overview
The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root.
Description
CWE-276: Incorrect Default Permissions
Two binaries are included in Cisco Prime version 2.2 that run as SUID root with world-executable privileges. The commands are:
/opt/CSCOlumos/bin/runShellCommand
/opt/CSCOlumos/bin/runShellAsRoot
These commands may be used to run arbitrary commands as root by any local user
Two weeks ago, the Black Hat and DEF CON conferences unveiled tons of new security research, which means last week was packed with interesting security stories. If you find yourself falling behind on security news, and need a “one stop shop” to keep you up to date, this weekly video does just that