+49 89 89082-110

Advisories

NSIDE-SA-2024-002

Advisory: Authentication Bypass and Remote Code Execution in AXESS 5

Unauthenticated remote attackers can bypass authorization requirements and access

protected API endpoints. Those endpoints allows for remote code execution.

Details

=======


Affected Product: AXESS by Axiros

Affected Versions: 4.x, 5.0.0

Vulnerability Type: Unauthenticated Remote-Code Execution

Security Risk: CRITICAL

Vendor Status: FIXED

Fixed Version: 4.3.2, 5.0.3>=

Advisory Status: PUBLISHED

Advisory URL: https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-002

Advisory URL (text only): https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-002.txt

CVE ID: CVE-2024-33898


Introduction

============


AXESS is a carrier grade device management server, which allows to manage TR-069

and other USP devices. It is designed for Tier 1 and Tier 2 support operators

to assist end customers with their router installations.


Description

===========


NSIDE decided to wait with delay the disclosure of detailed information until

19th of September 2024.

For further information for detection and patches, please refer to Axiros'

security bulletin at [0]. 


Risk

====


Unauthenticated remote attackers can fully compromise  [...]
Von |2024-12-17T11:14:57+01:0017. Dezember 2024|
Weiterlesen

NSIDE-SA-2024-001

Advisory: Multiple Vulnerabilities in the GNCC GC2 Indoor Security Camera

The product is affected by multiple vulnerabilities that allow an attacker with

physical access to the device to extract Wi-Fi credentials and access an

administrative shell.


Details

=======


Affected Product: GNCC GC2 Indoor Security Camera

Affected Versions: no version specified by the vendor

Vulnerability Types: Exposed UART Port Transmits Wi-Fi Credentials, Interactive Shell Login Prompt Bypass, Same Root Password on All Devices

Security Risk: MEDIUM

Vendor Status: NOT ACKNOWLEDGED

Fixed Version: none

Advisory Status: PUBLISHED

Advisory URL: https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001

Advisory URL (text only): https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001.txt

CVE IDs: CVE-2024-31798, CVE-2024-31799, and CVE-2024-31800


Introduction

============


During security research NSIDE discovered multiple vulnerabilities in the GC2

Indoor Security Camera sold by GNCC. These vulnerabilities are of medium

severity and are only exploitable by an attacker with physical access to the

camera. NSIDE notified the vendor but did not receive  [...]
Von |2024-08-07T15:21:26+02:006. August 2024|
Weiterlesen

BLEIBEN SIE AUF DEM LAUFENDEN

Melden Sie sich zu unserem Newsletter an und erhalten Sie einmal im Quartal wichtige und interessante Neuigkeiten rund um das Thema Cyber Security.

KONTAKT

NSIDE ATTACK LOGIC GmbH
Landshuter Allee 8
80637 München
Tel.: +49 89 89082-110
E-Mail: info@nsideattacklogic.de

ÜBER UNS

Warum NSIDE?
Management
Karriere
Referenzen
Presse

LEISTUNGEN

Red Team Assessment
Purple Teaming
Penetration Testing
Phishing-Simulation

WISSEN

Blog
Advisories
Lexikon
FAQ
Newsletter

FOLGEN SIE UNS!

    

Impressum
Datenschutzerklärung

Ⓒ 2024 – NSIDE ATTACK LOGIC GmbH

Nach oben