CVE-2023-25368: Siglent Oscilloscope Unauthenticated Firmware Overwrite via Access Control Error

CVE-2023-25368 Key Information Description The vulnerability in Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is due to improper access control, allowing unauthenticated attackers to overwrite firmware. Discovery Information Date: December 2022 Discoverer: Bret McDaniel Affected Versions Affects at least version SDS1xx4X-E_V6.1.37R9.ADS; earlier versions may also be impacted. The issue was reportedly fixed in May 2023. It is unknown whether other devices are affected, as researchers could not test them during their investigation. Background SIGLENT SDS1000X-E is a dual-channel and four-channel oscilloscope running on an embedded Linux system to control various functions. It features an Ethernet port, optional USB WiFi, and an integrated web server. Reference Links https://siglent.com Vulnerability Type CWE-284: Improper Access Control Affected Ports Web Port: 80 (TCP) Discussion Two PHP scripts do not require authentication. One script enables firmware upload, while the other prepares and installs the firmware on the next reboot. : Requires the file to be sent with the "application/octet-stream" content type and must end with ".ADS". : Accepts certain commands that unpack and prepare the firmware for installation, based on information output by . Although the firmware is encrypted using a modified DES algorithm, existing firmware can be easily unpacked and repackaged into new, valid firmware files using publicly available tools that have been known for over a decade. Proof of Concept Language: PowerShell Mitigation Users are advised to upgrade to the latest firmware version. Additionally, IoT devices should be placed on isolated networks, and access to affected ports from untrusted hosts should be blocked.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-25368: Siglent Oscilloscope Unauthenticated Firmware Overwrite via Access Control Error

More from this source