Glory RBW-100 Vulnerabilities [CVE-2019-10479 and CVE-2019-10478]

CVE Number – CVE-2019-10479 and CVE-2019-10478

CVE-2019-10479

An issue was discovered on Glory RBW-100 devices running firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.

CVE-2019-10478

An issue was discovered on Glory RBW-100 devices running firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker-controlled code on the filesystem that can be executed and can lead to a reverse root shell.

Resolution

To mitigate this vulnerability, the user will need to contact their Glory account manager. Non-Glory customers, or customers who do not have a support contract, must use the contact form on the GGS website: https://www.glory-global.com/en-gb/contact-us/
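
Until a device has been remediated through the vendor, requests to the upload CGI named in CVE-2019-10478 can be monitored. The following is an added example, not part of the original advisory or any Glory code: it flags POST requests to that endpoint and marks whether the source is a trusted management address. It assumes Combined Log Format lines from a reverse proxy or network sensor in front of the device and a hypothetical management subnet of 10.20.30.0/28; the sample log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

UPLOAD_CGI = "/glytoolcgi/settingfile_upload.cgi"  # endpoint named in the advisory
# Assumption: hypothetical management subnet allowed to reach the device.
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: Combined Log Format from a proxy/sensor in front of the device.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, percent-decode, collapse ./ and //, lower-case."""
    path = unquote(target.split("?", 1)[0])
    # Lower-casing may over-match on a case-sensitive server; acceptable for alerting.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_upload_requests(lines):
    """Return (timestamp, source, status, trusted) for each POST to the upload CGI."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalise(m["target"]) != UPLOAD_CGI:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            trusted = any(src in net for net in MGMT_NETS)
        except ValueError:  # hostname or malformed source field
            trusted = False
        hits.append((m["ts"], m["src"], int(m["status"]), trusted))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.30.5 - - [01/Jan/2020:09:14:02 +0000] "POST /glytoolcgi/settingfile_upload.cgi HTTP/1.1" 200 312',
    '203.0.113.77 - - [01/Jan/2020:23:40:10 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.77 - - [01/Jan/2020:23:41:55 +0000] "POST /glytoolcgi//settingfile_upload.CGI?x=1 HTTP/1.1" 200 298',
    '198.51.100.9 - - [02/Jan/2020:02:03:04 +0000] "POST /glytoolcgi/%73ettingfile_upload.cgi HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for ts, src, status, trusted in find_upload_requests(SAMPLE):
        print(ts, src, status, "management" if trusted else "ALERT: untrusted source")
```

Any hit from outside the management subnet, and any hit at all outside a planned maintenance window, is worth investigating together with the files present on the device.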

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
