Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

Vendor: Dell Vendor URL: https://www.dell.com/support/home/en-us/product-support/product/wyse-wms/drivers Versions affected: Prior to version 3.3 Systems Affected: Any Author: Stephen Tomkinson stephen.tomkinson@nccgroup.com Advisory URL / CVE Identifier: https://www.dell.com/support/kbdoc/en-us/000189363/dsa-2021-137-dell-wyse-management-suite-wms-security-update-for-multiple-vulnerabilities CVE-2021-21586, CVE-2021-21587 Risk: High – can lead to compromise of administrative sessions Summary Thin clients are often found in secure environments as their diskless operation reduces physical security risks. Wyse Management … Continue reading Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

Vendor: ParcelTrack Vendor URL: https://www.parceltrack.de/ Versions affected: ParcelTrack Android Version 3.3, ParcelTrack iOS Version 3.3 Author: Dan Hastings – dan.hastings[at]nccgroup[dot]com Summary Upon start of the ParcelTrack application any data contained on the global pasteboard (iOS) or clipboard (Android) will be sent to Parcel Track’s servers. Impact Sensitive PII such as credit card numbers and passwords … Continue reading Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

SAML XML Injection

The Single Sign-On (SSO) approach to authentication controls and identity management was quickly adopted by both organizations and large online services for its convenience and added security. The benefits are clear; for end-users, it is far easier to authenticate to a single service and gain access to all required applications. And for administrators, credentials and … Continue reading SAML XML Injection

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Vendor: Dell / PC-Doctor Vendor URL: https://www.dell.com/support/contents/en-uk/article/product-support/self-support-knowledgebase/software-and-downloads/supportassist Versions affected: SupportAssist for Windows version 3.7 or higher, between 2020-08-28 and 2020-10-22 Systems Affected: Windows Author: richard.warren[at]nccgroup[dot]com Advisory URL: https://www.dell.com/support/kbdoc/000184012 CVE Identifier: CVE-2021-21518 Risk: CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Summary When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did … Continue reading Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution. The following vulnerabilities were the most relevant identified during the internal research: Unauthenticated Remote Code Execution (CVE-2020-26919)NSDP Authentication Bypass (CVE-2020-35231)Unauthenticated Firmware Update Mechanism … Continue reading Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

Current Vendor: Belkin (Linksys) Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/ Versions affected: 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin) Systems Affected: Linksys WRT160NL Authors: Manuel Ginés - Manuel.Gines[at]nccgroup[dot]com && Diego Gómez Marañón – Diego.GomezMaranon[at]nccgroup[dot]com CVE Identifier: CVE-2021-25310 Risk: 8.8 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Summary The Linksys WRT160NL is a switch device initially owned by Cisco and, after the sale of its respective … Continue reading Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

Domestic IoT Nightmares: Smart Doorbells

Preface Half way through 2020, UK independent consumer champion Which? magazine reached out to us and asked if we could assist investigating the security of a series of domestic IoT devices and to perform a vulnerability assessment of each device. The assessments included smart plugs and smart/connected doorbells. We also worked on a number of … Continue reading Domestic IoT Nightmares: Smart Doorbells