Ctrlx Hmi Web Panel Wr2107 Firmware Security Vulnerabilities - January

CVE-2023-41255

The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authenticationof the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on ...

CVE-2023-41372

The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...

CVE-2023-41960

The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.

CVE-2023-43488

The vulnerability allows a low privileged (untrusted) application tomodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

CVE-2023-45220

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable b...

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable ...

CVE-2023-45844

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device

CVE-2023-46102

The Android Client application, when enrolled to the AppHub server, connects to an MQTTbroker to exchange messages and receive commands to execute on the HMI device.The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, ...