Zero Day Initiative — Multiple Vulnerabilities in the Deep Sea Electronics DSE855

Software analysis

Those blessed with access would be able to download a certain 855.zip, containing a PDF file with instructions—just as described by the manufacturer—and several binaries:

· A855-01.bin appears to contain an exception vector table
· B855-01.bin contains the bulk of software—the whopping 439KB
· C855-01.bin looks like default configuration data, and
· M855-01.rfs proved to be a file system with a lot of XML files.

By trimming the first 8 bytes of B855-01.bin and loading it into Ghidra at address 0x1B000000, it is possible to explore the software in further detail. The address was hinted at by the contents of A855-01.bin, where many non-zero little-endian words started with 1B00.

The software was then explored both statically in Ghidra and dynamically by interacting with the exposed web server to confirm our hypotheses, but more on that in the text below.

Now, without any further ado, let’s get right to the issues that were discovered and look at them in more detail. Note: all symbol names listed below are based on the reverse engineering effort and the fact that the software, at least the web server part, was based on the embOS/IP middleware package from Segger, as evidenced by the contents of the Server HTTP header.

ZDI-24-671: Configuration backup missing authentication

This was the initial report by Gjoko Krstic of Zero Science Lab, which prompted further investigation by the ZDI team.

The gist of the issue is dead simple: accessing a certain URL will result in obtaining a configuration backup, identical in format and size to what is supplied in the software update—like so:
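The load-address inference described in the software analysis section (many non-zero little-endian words in A855-01.bin starting with 1B00, pointing at a base of 0x1B000000) can be automated. The following is an added example, not code from the ZDI post or from the device vendor: it strips the 8-byte header the post trims, reads an image as little-endian 32-bit words, and reports the dominant high-16-bit prefix among non-zero entries. The function names, the minimum-share threshold and the sample vector table are constructed for illustration; the real A855-01.bin is not reproduced here.

```python
"""
Infer a firmware image's load address from an exception vector table.

Added example, not code from the ZDI post or from Deep Sea Electronics.
The post notes that the base address 0x1B000000 was hinted at by
A855-01.bin, where many non-zero little-endian words begin with 0x1B00.
This generalises that observation: a table of absolute handler addresses
shares a high-half prefix, so the most common prefix among non-zero words
is a strong candidate for the load base. The 8-byte header length comes
from the post; the header's contents are an assumption.
"""
import struct
from collections import Counter


def strip_header(image: bytes, header_len: int = 8) -> bytes:
    """Drop a fixed-size header before analysis (8 bytes, as in the post)."""
    return image[header_len:]


def le_words(image: bytes):
    """Yield little-endian 32-bit words; a trailing partial word is ignored."""
    usable = len(image) - len(image) % 4
    for (word,) in struct.iter_unpack("<I", image[:usable]):
        yield word


def infer_load_base(vector_table: bytes, min_share: float = 0.5):
    """
    Return (base, share): base is the most common high-16-bit prefix among
    non-zero words, widened to a 32-bit address with the low half zeroed;
    share is the fraction of non-zero words carrying that prefix.
    Returns (None, share) when no prefix reaches min_share, so a caller
    does not act on a weak hint, and (None, 0.0) for an all-zero image.
    """
    prefixes = Counter(w >> 16 for w in le_words(vector_table) if w != 0)
    if not prefixes:
        return None, 0.0
    prefix, count = prefixes.most_common(1)[0]
    share = count / sum(prefixes.values())
    if share < min_share:
        return None, share
    return prefix << 16, share


# Constructed sample vector table (hypothetical values, not from the device):
# 15 handler addresses inside a 0x1B00xxxx region, two unused (zero) slots,
# and one outlier literal such as an initial stack pointer, to show that a
# single stray word does not change the result.
CONSTRUCTED_VECTORS = struct.pack(
    "<18I",
    0x20001000,                                   # stack pointer, outside code
    0x1B000101, 0x1B000151, 0x1B0001A9, 0x1B000201,
    0x00000000, 0x00000000,                       # unused vectors
    0x1B000251, 0x1B0002A1, 0x1B000301, 0x1B000351, 0x1B0003A1,
    0x1B000401, 0x1B000451, 0x1B0004A1, 0x1B000501, 0x1B000551, 0x1B0005A1,
)

if __name__ == "__main__":
    base, share = infer_load_base(CONSTRUCTED_VECTORS)
    print(f"likely load base: {base:#010x} ({share:.0%} of non-zero words)")
```

On a real image the same function would be run over the trimmed A855-01.bin; a dominant prefix with a high share justifies the base address chosen when loading B855-01.bin into Ghidra, while a low share means the table was misread (wrong endianness, wrong header length, or not a vector table at all).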