An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount of information is disclosed. This includes the view password and the password of the Wi-Fi access point that the device used.
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
Alecto
------------------------------------------
[Affected Product Code Base]
Alecto IVM-100 - unknown.
------------------------------------------
[Affected Component]
Serial interface.
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker needs to open up the device and physically attach wires as well as reboot the device.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with The Dutch consumer organisation
------------------------------------------
[Reference]
https://www.alecto.nl
Use CVE-2019-20462.