Strik3r Blog
CVE-2023-36082


Last updated 1 year ago


Description

Unauthenticated access to LDAP and SMTP credentials in GatesAir Flexiva FM Transmitter/Exciter FAX 150W

Discoverer: Eslam Kamal (Strik3r)

Vendor of Product: GatesAir

Affected Product: FM Transmitter/Exciter v.FAX 150W

Introduction

The dangers of leaking sensitive user or business data are fairly obvious, but disclosing technical information can sometimes be just as serious. Although some of this information will be of limited use, it can potentially be a starting point for exposing an additional attack surface, which may contain other interesting vulnerabilities.

Details

IoT metrics can be used against the IoT device itself. The metrics indicate some internal hardware information that shouldn't be exposed to an unauthorized actor; in our case, this information was exposed to the anonymous user. Anonymous users without any cookies or privileges can access the information without being prohibited or denied.

Certain internal information about the IoT device will be exposed if any unauthorized or unauthenticated user navigates to /json as you can see in the image below:

As you can see, LDAP credentials are being leaked on this path to unauthorized actors.

An LDAP password is a crucial piece of information required to access and authenticate with an LDAP server. An attacker who obtains an LDAP password can potentially cause significant damage to an organization. Here are some of the consequences of attackers obtaining an LDAP password:

  1. Unrestricted Access: Attackers can use leaked credentials to gain unrestricted access to sensitive data, applications, and systems within the organization.

  2. Data Breach: Attackers can use the obtained LDAP password to access the organization's network and steal sensitive data, including confidential customer information, financial data, and intellectual property.

  3. Malicious Activities: Attackers can use leaked credentials to carry out malicious activities such as installing malware, deleting files, or altering data within the organization's network.

Also, there is some critical information about the SMTP server including clear-text credentials as you can see below:

By accessing the SMTP server with the leaked credentials, attackers might use this information to launch a larger attack. They could potentially use the credentials to send malicious emails, such as phishing emails, or to send spam. They could also use the credentials to gain access to confidential emails sent through the server.
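A defender's check for the LDAP and SMTP exposure described above, as an added example that is not part of the original write-up: given the status code and body a device returned for a cookie-less request to /json, it lists secret-like LDAP/SMTP fields with their values redacted. The key patterns, field names and sample body are constructed assumptions, since the device's actual JSON is not reproduced on this page.

```python
import json
import re

# Assumed key patterns: the device's real field names are not shown on the page.
SERVICE_KEY = re.compile(r"ldap|smtp", re.I)
SECRET_KEY = re.compile(r"pass(word|wd)?|secret|bind_?dn|user(name)?|token", re.I)


def find_exposed_secrets(body):
    """Return sorted (path, service, redacted) tuples for non-empty secret-like fields."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return []  # e.g. an HTML login page: nothing machine-readable leaked
    findings = []

    def walk(node, path, service):
        if isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, path + [str(i)], service)
        elif isinstance(node, dict):
            for key, value in node.items():
                hit = SERVICE_KEY.search(key)
                svc = hit.group(0).lower() if hit else service
                if isinstance(value, (dict, list)):
                    walk(value, path + [key], svc)
                elif svc and SECRET_KEY.search(key) and value not in ("", None):
                    # Report only the length so the audit never repeats the secret.
                    findings.append((".".join(path + [key]), svc,
                                     f"<redacted, {len(str(value))} chars>"))

    walk(doc, [], None)
    return sorted(findings)


def unauthenticated_exposure(status_code, body):
    """Findings only count if the cookie-less request was actually served (HTTP 200)."""
    return find_exposed_secrets(body) if status_code == 200 else []


# Constructed sample standing in for a /json response fetched without any cookies.
SAMPLE_BODY = json.dumps({
    "device": {"model": "example", "temperature_c": 41},
    "ldap": {"server": "ldap.example.internal", "bind_dn": "cn=svc,dc=example",
             "password": "constructed-value"},
    "smtp_settings": {"host": "mail.example.internal", "port": 25,
                      "username": "alerts", "smtp_password": "also-constructed"},
    "users": [{"name": "admin", "ldap_password": ""}],
})
```

Any non-empty result for a request sent without cookies means the credentials should be treated as compromised and rotated once access to the endpoint is restricted.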