| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Mar 2017 23:43:37 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <fulldisclosure@...lists.org> Subject: [FD] Vulnerabilities in Transcend Wi-Fi SD Card Hello list! All your photos and videos are belong to me. If they are on Transcend flash card :-). There are Predictable Resource Location, Brute Force and Cross-Site Request Forgery vulnerabilities in Transcend Wi-Fi SD Card. ------------------------- Affected products: ------------------------- Vulnerable is the next model: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8. This model with other firmware versions and other Transcend models also can be vulnerable. ---------- Details: ---------- There are two modes of connection to the flash card: Direct Share and Internet Mode. In the first mode device with Wi-Fi is connected to this card, and in the second mode the card itself is connected to Wi-Fi devices (access point, router or smartphone with enabled Personal Hotspot) - then all computers on the LAN will have access to it. I will discuss the first mode, about the second will write in the next advisory. Predictable Resource Location (WASC-34): When you insert the card in digital camera and turn camera on, Wi-Fi operates immediately and one can connect to it in the Direct Share mode. By using default SSID and password. It is unlikely that the owner will change these settings. Software and documentation to the card don't give advices on changing this password or password to admin panel. It's possible to get access to all files on the card by using applications for iOS and Android. After starting the program it's only need to enter username and password for admin panel. Also in Direct Share mode it's possible to access in the browser to admin panel and access all files on the flash card. By using default username and password. Brute Force (WASC-11): There is no protection against BF attacks in admin panel 192.168.11.254, because Basic Authentication is used. It is unlikely that the owner will change login and password for admin panel. But if will change, then they can be picked up. Cross-Site Request Forgery (WASC-09): There are CSRF vulnerabilities in admin panel. Such as this one: in login process there is no captcha, so besides lack of protection against BF, also CSRF attack can be made. It's possible to remotely enter into admin panel (with default login and password) for conducting further CSRF attacks. <img src="http://admin:admin@....168.11.254"> ------------ Timeline: ------------ 2014.05.10 - found vulnerabilities in Transcend Wi-Fi SD Card 16 GB. 2015.08.01 - announced at my site. Later informed developers. 2017.01.28 - disclosed at my site (http://websecurity.com.ua/7900/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists