Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

iSmartAlarm Backend Server-Side Request Forgery

🗓️ 12 Jul 2017 00:00:00Reported by Ilia ShnaidmanType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 43 Views

iSmartAlarm Backend SSRF Vulnerability allows remote attackers to use the backend as a proxy server for outbound attacks

Related
Code
ReporterTitlePublishedViews
Family
0day.today		iSmartAlarm Backend Server-Side Request Forgery Vulnerability
13 Jul 201700:00
zdt
CVE		CVE-2017-7727
11 Jul 201717:00
cve
Cvelist		CVE-2017-7727
11 Jul 201717:00
cvelist
NVD		CVE-2017-7727
11 Jul 201717:29
nvd
`[+] Credits: Ilia Shnaidman  
[+] Source:  
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/  
  
  
Vendor:  
=============  
iSmartAlarm, inc.  
  
  
Product:  
=============  
iSmartAlarm Backend  
  
iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems.  
It provides a fully integrated alarm system with siren, smart cameras and locks.  
It functions like any alarm system, but with the benefits of a connected device: alerts pop up on your phone,  
offering you full remote control via mobile app wherever you are.  
  
  
Vulnerability Type:  
=============  
Server Side Request Forgery  
  
  
CVE Reference:  
=============  
CVE-2017-7727  
  
  
Security Issue:  
================  
Open Redirection -  
iSmartAlarm is not validating injection inside its api.  
  
  
Attack Vectors:  
===============  
One of the backend api's contains an SSRF which allows me to use it as a proxy.  
An attacker can use iSmartAlarm's backend as a proxy server and potentially launch outbound attacks.  
PoC:  
https://api.ismartalarm.com:8443/api/downloadfile.ashx?url=https://ifconfig.io  
  
  
Network Access:  
===============  
Remote  
  
  
Severity:  
=========  
High  
  
  
Disclosure Timeline:  
=====================================  
Jan 30, 2017: Initial contact to vendor  
Feb 1, 2017: Vendor replied, requesting details  
Feb 2, 2017: Disclosure to vendor  
Apr 12, 2017: After vendor didn't replied, I've approached CERT  
Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs  
July 05, 2017: Public disclosure  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Jul 2017 00:00Current
0.4Low risk
Vulners AI Score0.4
ismartalarm backendssrf vulnerabilityremote attack
43