CERTVU:822980SysLINK M2M Modular Gateway contains multiple vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.4%
Overview
The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities.
Description
According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:
CWE-259: Use of Hard-coded Password - CVE-2016-2331
By default, the device’s web interface uses a default password across all devices and does not prompt the administrator to change that password.
CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) - CVE-2016-2332
The device’s web interface runs as the root user and is vulnerable to command injection via an authenticated POST request to flu.cgi. The parameter “5066” (dnsmasq) is vulnerable to injection. Commands are constructed and run as the root user.
CWE-321: Use of Hard-coded Cryptographic Key - CVE-2016-2333
The device uses an encryption key that is hard-coded and believed to be static across the entire device population.
The CERT/CC has been unable to confirm these vulnerabilities with the vendor. It is also unclear if models other than the SL-1000 are affected.
Impact
An unauthenticated remote attacker with knowledge of the password may obtain root access to the device.
Solution
Apply an update
According to the reporter, affected users should update to firmware version 01A.8 which addresses these issues. CERT/CC has reached out to Systech to confirm this information.
Additionally, affected users may consider the following workarounds and mitigations:
Restrict Network Access
As a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product’s manual for more information.
Vendor Information
822980
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Systech __ Affected
Notified: April 18, 2016 Updated: April 22, 2016
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
According to the reporter, affected users should update to firmware version 01A.8 which addresses these issues. CERT/CC has reached out to Systech to confirm this information.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 9.5 | E:F/RL:U/RC:C |
| Environmental | 7.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to Roman Faynberg and Jeremy Allen of Carve Systems for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2016-2331, CVE-2016-2332, CVE-2016-2333 |
|---|---|
| Date Public: | 2016-04-22 Date First Published: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
74.4%