Alecto IVM-100 2019-11-12 Information Disclosure
[Suggested description]An issue was discovered on Alecto IVM-100 2019-11-12 devices.
The device comes with a serial interface at the board level. By
attaching to this serial interface and rebooting the device, a large
amount of information is disclosed. This includes the view password
and the password of the Wi-Fi access point that the device used.
The device comes with a serial interface at the board level. By
attaching to this serial interface and rebooting the device, a large
amount of information is disclosed. This includes the view password
and the password of the Wi-Fi access point that the device used.
——————————————
[Vulnerability Type]Incorrect Access Control——————————————
[Vendor of Product]Alecto——————————————
[Affected Product Code Base]Alecto IVM-100 – unknown.——————————————
[Affected Component]Serial interface.——————————————
[Attack Type]Physical——————————————
[Impact Information Disclosure]true——————————————
[Attack Vectors]An attacker needs to open up the device and physically attach wires as well as reboot the device.——————————————
[Has vendor confirmed or acknowledged the vulnerability?]true——————————————
[Discoverer]Willem Westerhof, Jasper Nota, Martijn Baalman from Qbit cyber security in cooperation with The Dutch consumer organisation——————————————
[Reference]https://www.alecto.nlUse CVE-2019-20462.
آسیبپذیریهای جدید و وصلههای امنیتی بهصورت مداوم منتشر میشوند و عدم بروزرسانی بهموقع میتواند امنیت سرویسهای حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرمافزارها، نصب Patchهای امنیتی و سختسازی سرورها است.
خدمات مدیریت و امنیت سرور