Friday , August 12 2022

Systems WLAN with Critical Vulnerability | heise online


Many wireless presenter systems tend to face a number of critical weaknesses that allow attackers on the same network to hijack and patch the inventive. Mobile safety researchers have discovered a total of 16 weaknesses affecting inventions by at least eight manufacturers. These wireless portals often live in meeting rooms, allowing lecturers to connect their laptops or tablets via a web browser or app to view slides on related screens or projectors. To make things worse, according to the researchers, he added that ports of such type are often connected to the network so that attackers can access them from the public network and then take over by taking advantage of the gaps.

The safety researchers found the 16 weaknesses as they checked the Crestron presenter's AM-100 system. Weaknesses were found that not only related to this device and the AM-101 model similar, but also to products from other manufacturers. This is because all these devices use firmware from the manufacturer AWIND or Barco. Here are the basic programming errors that led to various weaknesses in the respective firmware of the various manufacturers.

Apart from the Crestron AM-100 (firmware version and the Crestron AM-101 (firmware, the gaps also affect the barco products wePresent WiPG- 1000P (firmware and wePresent WiPG. 1600W (if the firmware is older than version Also vulnerable is the ShareLink Extron 200 and 250 models (firmware and WIPS710 IT Teq AV products (firmware From the InFocus manufacturer's devices LiteShow3 (version 1.0.16 firmware) and LiteShow4 (firmware version are vulnerable. With the Optoma WPS-Pro and Blackbox HD WPS devices the firmware version has security gaps. With the SHARP PN-L703WA firmware is vulnerable.

The weaknesses can be seen as critical. The most dangerous one has a CVSSv2 baseline score of 8.3 out of 10 possible points. Some weaknesses affect the SNMP network protocol. Amongst other things, it is possible to operate malicious code and reset administrative passwords. Buffer overflow can be triggered through HTTP access and files can be downloaded from the public network to the device. In addition, many of the device's login and security features can be avoided in a variety of ways.

Not all gaps are applicable to all affected devices. A detailed list of all vulnerabilities and vulnerability systems to viewers in Tenable Security researchers report. Weaknesses have been assigned to the following CVE numbers: CVE-2019-3925, CVE-2019-3926, CVE-2019-3927, CVE-2019-3928, CVE-2019-3929, CVE-2019-3930 , CVE-2019- CVE-2019-3934, CVE-2019-3935, CVE-2019-3936, CVE-2019-3937, CVE-2019-3938, CVE-2019-3939, CVE-2019-3933 CVE-2017 -16,709. Tenable has discovered the gaps in mid-January. So far, firmware updates are secure from the manufacturers Barco and Extron. Creston intends to provide updates in the near future.

Many safety researchers are currently focusing on presenter systems. They have only recently had the opportunity security holes was not recorded in issue 8/2019 on the Logitech Wireless Presenter presentation tool.


Source link