5/9/2017

May 2017 – Vulnerabilities in Consumer Devices

More and more, security organizations report cyber security vulnerabilities in devices that are not exactly computers. Those devices may include routers, video cameras, and other “internet of things” gadgets. 

It is critically important to know that your home devices with access to the internet are secured. Some of these weaknesses could be related to well-known default user ID and password combinations or whereas, some devices do not even have patching capabilities making people permanently vulnerable. 

Digital Edge is monitoring known vulnerabilities in consumer devices and notifying our friends and colleagues about such cases. 

DEVICE
VULNERABILITY TYPE
SUGGESTED MITIGATION
D-Link and Netgear devices running open source FIRMADYNE OS Buffer overflow & authentication bypass vulnerability.

See CVE for more details: https://nvd.nist.gov/vuln/detail/CVE-2016-1558

Ensure that devices cannot be managed from the internet. Contact the Digital Edge Security Team, if you need assistance to patch your device.
D-Link running firmware W1000CN-00, W1000CN-03, W2000EN-00 Disclosure of User IDs, Passwords & other valuable information.

See CVE for more details: https://nvd.nist.gov/vuln/detail/CVE-2015-7247

Ensure that devices cannot be managed from the internet. Contact the Digital Edge Security Team, if you need assistance to patch your device.

Google Android Allows network user to cause denial of service.

See CVE for more details: https://nvd.nist.gov/vuln/detail/CVE-2015-7247

As of 5/4/2017, there are no patches for this vulnerability.

NetGear running wndap210v2 firmware Allows remote hacking attempts.

See CVE for more details: https://nvd.nist.gov/vuln/detail/CVE-2016-1555

Ensure that devices cannot be managed from the internet. Contact the Digital Edge Security Team, if you need assistance to patch your device.

TP-Link running TL-SG108E firmware Allows decryption. The protocol is obsolete. You may consider replacing the device.
D-Link DCS cameras Allows to change device settings. See CVE for more details: https://nvd.nist.gov/vuln/detail/CVE-2017-7852

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Was this article helpful?
Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations’ advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, architecture and processing workflow for alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI that brings into any solutions delivered by Digital Edge. Security solutions and standards are expended into public cloud such as AWS and Azure.

LET'S TALK: 800-714-5143