
A researcher found half a dozen vulnerabilities in eWON routers!

A researcher has identified half a dozen vulnerabilities in industrial routers from eWON. Some of them are rated high severity by ICS-CERT.

eWON is a company based in Belgium that specializes in remote connectivity solutions and industrial VPN routers designed to connect industrial machines to the Internet in a secure way. Its products are used in the energy, oil and gas, robotics, transportation, textiles, water and wastewater, medical, renewable energy, and food and beverage sectors.

ICS-CERT reported that independent researcher Karn Ganeshen found several vulnerabilities in a running eWON router. The vendor has since released an update to patch the flaws, but only some of them are fixed by this update. ICS-CERT assigned the most serious of them, a user rights management issue (CVE-2015-7926), a CVSS score of 9.9. According to eWON's statement, this flaw allows an attacker to gather information and status on I/O servers, change I/O server configuration parameters, or delete some users.

ICS-CERT rated another flaw as high severity: the transmission of passwords in clear text (CVE-2015-7928). An attacker positioned for a man-in-the-middle (MITM) attack can intercept the credentials by exploiting this vulnerability. Ganeshen also found a CSRF vulnerability and a stored XSS vulnerability in the eWON router.

The expert also reported a weak session management issue in the router: the session remains active even after the user clicks the “log off” button, which can compound the other flaws.

The least serious issue in the eWON router is that the web server allows the POST method in a request to be replaced with the GET method. Since a GET request exposes all of the user's parameters in the URL bar, this flaw could be used in combination with the Cross Site Request Forgery (CSRF) vulnerability.

Half of these vulnerabilities affect all eWON devices, while the rest impact only the CD and Flexy router models. The latest firmware version, 10.1s0, patches the user rights management, password visibility and browser session vulnerabilities. eWON said that the XSS and CSRF vulnerabilities are not highly beneficial to an attacker and will be fixed later, after the company has done some research on them.
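The session and request-method weaknesses described above come down to two server-side checks: invalidating the session record on log-off rather than only clearing the browser cookie, and refusing GET (and requests without a session-bound CSRF token) on endpoints that change device state. The following is an added illustration, not eWON code; the endpoint paths and header name are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    # Constructed stand-in for an incoming HTTP request.
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)

class SessionStore:
    def __init__(self):
        self._sessions = {}  # session token -> {"user": ..., "csrf": ...}
    def login(self, user):
        token, csrf = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "csrf": csrf}
        return token, csrf
    def logout(self, token):
        # Remove the record server-side: clearing only the browser cookie would
        # leave the token usable by anyone who captured it.
        self._sessions.pop(token, None)
    def lookup(self, token):
        return self._sessions.get(token)

# Hypothetical endpoints that change device state (echoing the article's I/O
# server configuration and user deletion).
STATE_CHANGING = {"/config/ioserver", "/users/delete"}

def handle(store, req):
    """Return (status, reason) for a request; no real action is performed."""
    sess = store.lookup(req.cookies.get("session"))
    if sess is None:
        return 401, "no valid session"
    if req.path in STATE_CHANGING:
        if req.method != "POST":  # refuse GET substituted for POST
            return 405, "method not allowed"
        if not secrets.compare_digest(req.headers.get("X-CSRF-Token", ""), sess["csrf"]):
            return 403, "missing or wrong CSRF token"
    return 200, "ok"

def scenario():
    """Walk through the cases the article describes and collect status codes."""
    store = SessionStore()
    token, csrf = store.login("admin")
    cookie = {"session": token}
    results = {
        "post_with_token": handle(store, Request("POST", "/users/delete", cookie, {"X-CSRF-Token": csrf}))[0],
        "get_substitution": handle(store, Request("GET", "/users/delete", cookie))[0],
        "cross_site_post": handle(store, Request("POST", "/config/ioserver", cookie))[0],
    }
    store.logout(token)
    results["after_logoff"] = handle(store, Request("GET", "/status", cookie))[0]
    return results
```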
