Multiple vulnerabilities in Racom MIDGE Firmware



Published: 2021-02-17
Risk Medium
Patch available NO
Number of vulnerabilities 9
CVE-ID CVE-2021-20067
CVE-2021-20068
CVE-2021-20069
CVE-2021-20070
CVE-2021-20071
CVE-2021-20072
CVE-2021-20073
CVE-2021-20074
CVE-2021-20075
CWE-ID CWE-200
CWE-79
CWE-22
CWE-352
CWE-78
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Vulnerable software
Subscribe
MIDGE
Hardware solutions / Firmware

Vendor RACOM

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU50762

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20067

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can view sensitive syslog events without authentication.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Stored cross-site scripting

EUVDB-ID: #VU50763

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20068

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "setError" function in "/var/log/nblog" file. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Stored cross-site scripting

EUVDB-ID: #VU50764

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20069

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "checkHost" function in "regionalSettings.php". A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Stored cross-site scripting

EUVDB-ID: #VU50765

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20070

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "install_url" parameter. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Stored cross-site scripting

EUVDB-ID: #VU50766

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20071

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "number" parameter in Virtualization.php. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Path traversal

EUVDB-ID: #VU50767

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20072

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the configuration and tcpdump download functionality. A remote administrator can send a specially crafted HTTP request and read or delete arbitrary files on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Cross-site request forgery

EUVDB-ID: #VU50768

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20073

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) OS Command Injection

EUVDB-ID: #VU50769

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20074

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU50770

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20075

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in "configd", which leads to security restrictions bypass and privilege escalation.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

MIDGE: 4.4.40.105


CPE2.3 External links

http://www.tenable.com/security/research/tra-2021-04

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###