SB2018120405 - Multiple vulnerabilities in Siglent SDS 1202X-E

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018120405

SB2018120405 - Multiple vulnerabilities in Siglent SDS 1202X-E

Published: December 4, 2018

Security Bulletin ID SB2018120405
Severity
High
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use of hardcoded password (backdoor) (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain full access to the affected system.

The vulnerability exists due to the password hashes are hardcoded and are difficult to change because the “shadow” file is stored on a cramfs (intentionally write-only) file system. A remote unauthenticated attacker can connect as root to the oscilloscope via LAN when Telnet service is listening on port 23.


2) Authentication bypass (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass authentication on the affected system.

The vulnerability exists due to the software “EasyScopeX” can be used from any computer in the network to configure and interact with the oscilloscope. A remote unauthenticated attacker can bypass authentication and change settings on the oscilloscope.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References