search menu icon-carat-right cmu-wordmark

CERT Coordination Center


SysLINK M2M Modular Gateway contains multiple vulnerabilities

Vulnerability Note VU#822980

Original Release Date: 2016-04-22 | Last Revised: 2016-04-22

Overview

The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities.

Description

According to the researcher, the SysLINK SL-1000 M2M Modular Gateway contains multiple vulnerabilities:

CWE-259: Use of Hard-coded Password - CVE-2016-2331

By default, the device's web interface uses a default password across all devices and does not prompt the administrator to change that password.

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2016-2332

The device's web interface runs as the root user and is vulnerable to command injection via an authenticated POST request to flu.cgi. The parameter "5066" (dnsmasq) is vulnerable to injection. Commands are constructed and run as the root user.

CWE-321: Use of Hard-coded Cryptographic Key - CVE-2016-2333

The device uses an encryption key that is hard-coded and believed to be static across the entire device population.

The CERT/CC has been unable to confirm these vulnerabilities with the vendor. It is also unclear if models other than the SL-1000 are affected.

Impact

An unauthenticated remote attacker with knowledge of the password may obtain root access to the device.

Solution

Apply an update

According to the reporter, affected users should update to firmware version 01A.8 which addresses these issues. CERT/CC has reached out to Systech to confirm this information.

Additionally, affected users may consider the following workarounds and mitigations:

Restrict Network Access

As a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product's manual for more information.

Vendor Information

822980
Expand all

Systech

Notified:  April 18, 2016 Updated:  April 22, 2016

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to the reporter, affected users should update to firmware version 01A.8 which addresses these issues. CERT/CC has reached out to Systech to confirm this information.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9.5 E:F/RL:U/RC:C
Environmental 7.1 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Roman Faynberg and Jeremy Allen of Carve Systems for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2016-2331, CVE-2016-2332, CVE-2016-2333
Date Public: 2016-04-22
Date First Published: 2016-04-22
Date Last Updated: 2016-04-22 17:37 UTC
Document Revision: 28

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.