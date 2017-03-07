

According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Other models may be affected.

CWE-306: Missing Authentication for Critical Function - CVE-2017-3184



The issue is due to the device failing to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).



CWE-598: Information Exposure Through Query Strings in GET Request - CVE-2017-3185



The web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
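The exposure through web logs and referrers described above can be checked for and cleaned up on the logging side. The following is an added example, not code from the advisory or the vendor: it scans access-log lines in Combined Log Format and redacts credential parameters in both the request URL and the Referer field. The parameter names, the `/cgi-bin/login` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the advisory does not list the device's actual ones.
SENSITIVE = {"user", "pwd", "password", "passwd", "pass"}

# Combined Log Format: request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)'
    r'(?P<mid>" \d{3} \S+ ")(?P<ref>[^"]*)(?P<post>" "[^"]*")$'
)

def redact_url(url):
    """Return (redacted_url, leaked_param_names) for one URL or path."""
    parts = urlsplit(url)
    leaked, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            leaked.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not leaked:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def scrub_line(line):
    """Redact credentials in the request URL and Referer of one log line."""
    m = LOG_RE.match(line)
    if not m:
        return line, []
    url, hit_url = redact_url(m["url"])
    ref, hit_ref = redact_url(m["ref"])
    findings = [("request", k) for k in hit_url] + [("referer", k) for k in hit_ref]
    clean = f'{m["pre"]}{m["method"]} {url} {m["proto"]}{m["mid"]}{ref}{m["post"]}'
    return clean, findings

# Constructed sample lines (documentation addresses, made-up values).
SAMPLE = [
    '192.0.2.10 - - [07/Mar/2017:10:00:00 +0000] "GET /cgi-bin/login?USER=operator&PWD=EXAMPLE-SECRET&lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [07/Mar/2017:10:00:05 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "http://198.51.100.7/cgi-bin/login?USER=operator&PWD=EXAMPLE-SECRET" "Mozilla/5.0"',
    '192.0.2.12 - - [07/Mar/2017:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, findings = scrub_line(raw)
        print(findings, clean)
```

The second sample line shows the Referer case: the credentials appear in the log entry for an unrelated image request, which is why scrubbing only the request URL is not enough.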



CWE-521: Weak Password Requirements - CVE-2017-3186



The device ships with non-random default credentials that are the same across all devices. A remote attacker can take complete control of a device using the default admin credentials.



For more information, please read the researcher's security advisory.