Software analysisThose blessed with access would be able to download a certain 855.zip, containing a PDF file with instructions—just as described by the manufacturer—and several binaries:· A855-01.bin appears to contain an exception vector table· B855-01.bin contains the bulk of software—the whopping 439KB· C855-01.bin looks like default configuration data, and· M855-01.rfs proved to be a file system with a lot of XML files.By trimming the first 8 bytes of B855-01.bin and loading it into Ghidra at address 0x1B000000, it is possible to explore the software in further detail. The address was hinted at by the contents of A855-01.bin, where many non-zero little-endian words started with 1B00.The software was then explored both statically in Ghidra and dynamically by interacting with the exposed web server to confirm our hypotheses, but more on that in the text below.Now, without any further ado, let’s get right to the issues that were discovered and look at them in more detail. Note: all symbol names listed below are based on the reverse engineering effort and the fact that the software, at least the web server part, was based on the embOS/IP middleware package from Segger as evidenced by the contents of the Server HTTP header.ZDI-24-671: Configuration backup missing authenticationThis was the initial report by Gjoko Krstic of Zero Science Lab, which prompted further investigation by the ZDI team.The gist of the issue is dead simple: accessing a certain URL will result in obtaining a configuration backup, identical in format and size to what is supplied in the software update—like so:
Zero Day Initiative — Multiple Vulnerabilities in the Deep Sea Electronics DSE855
Related Posts
Discord rolls out end-to-end encryption for audio, video calls
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. DAVE was created with the…
Threat Actors Target Contractor Software
Threat actors have been targeting Foundation accounting software commonly used by general contractors in the construction industry, leveraging active exploits within the plumbing, HVAC, and concrete sub-industries, among others.Researchers at…