Multiple vulnerabilities in Siglent SDS 1202X-E



Published: 2018-12-04
Risk: High
Patch available: NO
Number of vulnerabilities: 2
CVE-ID: N/A
CWE-ID: CWE-259, CWE-592
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SDS 1202X-E (Hardware solutions / Firmware)
Vendor: Siglent Technology

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Use of hardcoded password (backdoor)

EUVDB-ID: #VU16229

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain full access to the affected system.

The vulnerability exists because the password hashes are hardcoded and are difficult to change: the “shadow” file is stored on a cramfs (intentionally read-only) file system. A remote unauthenticated attacker can connect as root to the oscilloscope via LAN when the Telnet service is listening on port 23.
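For firmware review, the condition described above (login-capable hashes shipped in a shadow file on a cramfs root) can be checked on an unpacked image. This is an added example, not code from the advisory or the vendor; the function names are hypothetical and the sample superblock and shadow entries are constructed.

```python
import struct

CRAMFS_MAGIC = 0x28CD3D45                # cramfs superblock magic, bytes 0-3
CRAMFS_SIGNATURE = b"Compressed ROMFS"   # superblock signature, bytes 16-31

def is_cramfs(image: bytes) -> bool:
    """True if the buffer starts with a cramfs superblock (either endianness)."""
    if len(image) < 32:
        return False
    magic_le, = struct.unpack_from("<I", image, 0)
    magic_be, = struct.unpack_from(">I", image, 0)
    return CRAMFS_MAGIC in (magic_le, magic_be) and image[16:32] == CRAMFS_SIGNATURE

def login_capable_accounts(shadow_text: str) -> list[str]:
    """Accounts in a shadow(5) file whose password field permits a password login."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        name, pw = fields[0], fields[1]
        # A leading "!" or "*" marks a locked account; anything else is a
        # usable hash, or an empty field meaning no password is required.
        if pw.startswith(("!", "*")):
            continue
        found.append(name)
    return found

def audit(image_header: bytes, shadow_text: str) -> dict:
    """Flag credentials that ship in the image and cannot be rotated in place."""
    accounts = login_capable_accounts(shadow_text)
    read_only = is_cramfs(image_header)
    return {"read_only_rootfs": read_only,
            "accounts": accounts,
            "hardcoded_credentials": read_only and bool(accounts)}

# Constructed sample input (not taken from the device or the advisory).
SAMPLE_HEADER = struct.pack("<IIII", CRAMFS_MAGIC, 4096, 0, 0) + CRAMFS_SIGNATURE
SAMPLE_SHADOW = (
    "root:$1$CONSTRUCTED$placeholderhashvalue00:0:0:99999:7:::\n"
    "daemon:*:0:0:99999:7:::\n"
    "ftp:!:0:0:99999:7:::\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE_HEADER, SAMPLE_SHADOW))
```
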

Mitigation

Cybersecurity Help is currently unaware of any official solutions to address the vulnerability.

Vulnerable software versions

SDS 1202X-E: 5.1.3.13

External links

http://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Authentication bypass

EUVDB-ID: #VU16230

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-592 - Authentication Bypass Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the affected system.

The vulnerability exists because the “EasyScopeX” software can be used from any computer in the network to configure and interact with the oscilloscope. A remote unauthenticated attacker can bypass authentication and change settings on the oscilloscope.

Mitigation

Cybersecurity Help is currently unaware of any official solutions to address the vulnerability.

Vulnerable software versions

SDS 1202X-E: 5.1.3.13

External links

http://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


