Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Transcend Firmware 1.8 CSRF / Brute Force

🗓️ 27 Mar 2017 00:00:00Reported by MustLiveType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Transcend Wi-Fi SD Card 16 GB Firmware v.1.8 vulnerabilitie

Code
`Hello list!  
  
All your photos and videos are belong to me. If they are on Transcend flash  
card :-).  
  
There are Predictable Resource Location, Brute Force and Cross-Site Request  
Forgery vulnerabilities in Transcend Wi-Fi SD Card.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable is the next model: Transcend Wi-Fi SD Card 16 GB, Firmware v.1.8.  
This model with other firmware versions and other Transcend models also can  
be vulnerable.  
  
----------  
Details:  
----------  
  
There are two modes of connection to the flash card: Direct Share and  
Internet Mode. In the first mode device with Wi-Fi is connected to this  
card, and in the second mode the card itself is connected to Wi-Fi devices  
(access point, router or smartphone with enabled Personal Hotspot) - then  
all computers on the LAN will have access to it. I will discuss the first  
mode, about the second will write in the next advisory.  
  
Predictable Resource Location (WASC-34):  
  
When you insert the card in digital camera and turn camera on, Wi-Fi  
operates immediately and one can connect to it in the Direct Share mode. By  
using default SSID and password. It is unlikely that the owner will change  
these settings. Software and documentation to the card don't give advices on  
changing this password or password to admin panel.  
  
It's possible to get access to all files on the card by using applications  
for iOS and Android. After starting the program it's only need to enter  
username and password for admin panel.  
  
Also in Direct Share mode it's possible to access in the browser to admin  
panel and access all files on the flash card. By using default username and  
password.  
  
Brute Force (WASC-11):  
  
There is no protection against BF attacks in admin panel 192.168.11.254,  
because Basic Authentication is used. It is unlikely that the owner will  
change login and password for admin panel. But if will change, then they can  
be picked up.  
  
Cross-Site Request Forgery (WASC-09):  
  
There are CSRF vulnerabilities in admin panel. Such as this one: in login  
process there is no captcha, so besides lack of protection against BF, also  
CSRF attack can be made. It's possible to remotely enter into admin panel  
(with default login and password) for conducting further CSRF attacks.  
  
<img src="http://admin:[email protected]">  
  
------------  
Timeline:  
------------  
  
2014.05.10 - found vulnerabilities in Transcend Wi-Fi SD Card 16 GB.  
2015.08.01 - announced at my site. Later informed developers.  
2017.01.28 - disclosed at my site (http://websecurity.com.ua/7900/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Mar 2017 00:00Current
transcendwi-fi sd cardfirmware v.1.8predictable resource locationbrute forcecross-site request forgeryvulnerabilities
28