Vulnerabilities Discovered and Reported

One of my primary goals has been to make the IoT a safer place. In this initiative, I also look proactively for IoT vulnerabilities before a Black hat can get hold of them. If I discover a vulnerability, I responsibly disclose it with the vendor / national CERTs and get the issue fixed.

 

 

1. CVE-2018-10618 [ Router, Davolink] - I found a security issue with Davolink router, a vendor based in South Korea, which allowed an attacker to get access to the device password which would lead to total control of the device. The vendor patched the bug after we reported it.

 

2. CVE-2018-14796 [Smart Cooling device, Tec4data] -  A denial of service vulnerability was disclosed in smart cooling devices of Tec4data, an Austria based organization. The devices were patched after responsible disclosure.

3. CVE-2018-7900 [ Router, Huawei] – Information leak vulnerability effecting thousands of devices was disclosed to Huawei, a leading manufacturer of IoT devices. Huawei acknowledged the vulnerability and fixed the information leak.

 

4. CVE-2018-17918

5. CVE-2018-17922

 

[Electric Car Charger, CirControl] - Two distinct issues were found in electric car charging systems by CirControl, a vendor based in Spain. I reported an authentication bypass as well as improperly stored credential access via log files. The vendor patched both issues.

 

6. CVE-2019-6551 [ FAX ATA, Pangea] - I found a denial of service vulnerability in Pangea FAX ATA devices. These adapters connect traditional technologies to VoIP network. The vendor patched the issue after the responsible disclosure.

7. CVE-2019-6542 [ Smart Light Control, ENTTEC] – A remote authentication bypass causing an infinite reboot loop was found in three of ENTTEC smart light control DMX devices (Datagate MK2, Storm24 and Pixelator). After responsible disclosure, the vendor provided a patch for all three of these devices.