The Discovery of CVE-2024-5947: Authentication Bypass in Deep Sea Electronics DSE855


Karthikeyan.V

InfoSec Write-ups

Recently, during a routine security assessment, I uncovered a significant flaw in the Deep Sea Electronics DSE855 device. This vulnerability, identified as CVE-2024-5947, is an authentication bypass that allows unauthorized access to sensitive information. Here’s how I discovered and explored it.

The Discovery

While examining the target, I focused on the device’s web-based interface and noticed a peculiar behavior. The Deep Sea Electronics DSE855 was exposing a configuration backup file at http://xxxxxxxxxx/Backup.bin. This file was accessible without any authentication, raising red flags.

Understanding the Vulnerability

Bug Name: Deep Sea Electronics DSE855 — Authentication Bypass
Bug Priority: Medium
Vulnerable URL: http://xxxxxxx/Backup.bin

CVE Description:

CVE-2024-5947 highlights a critical issue in the Deep Sea Electronics DSE855’s configuration backup process. The vulnerability arises from a lack of authentication before accessing sensitive information stored in the backup file. This issue, documented as ZDI-CAN-22679, allows network-adjacent attackers to retrieve the backup file without proper authorization, potentially exposing sensitive data such as stored credentials.

Impact

The exposed backup file can contain sensitive configuration details that could be leveraged by an attacker to compromise the system further. Accessing this file could lead to unauthorized disclosure of credentials and other critical information, increasing the risk of a security breach.

Steps to Reproduce

To confirm the vulnerability, follow these steps:

1. Access the Vulnerable URL: Open the URL in your browser: http://xxxxxxxxx/Backup.bin
2. Observe the File Access: If the backup file is accessible without any authentication, you can view or download its contents, confirming the vulnerability.

Automating the Hunt

To streamline the process, I built a Python tool specifically for detecting this vulnerability. You can install it using pip and automate your testing:

Tool POC: CVE-2024-5947 on GitHub

Install and configure:
pip install CVE-2024-5947
CVE-2024-5947 --chatid <YourTelegramChatID>

To check a single URL:
CVE-2024-5947 -u http://mytargetprogram.com

To check a list of URLs:
CVE-2024-5947 -i urls.txt

Remediation

To mitigate this vulnerability, it is essential to remove the .bin file from the server and ensure that sensitive files are protected with proper authentication mechanisms.
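As an added example (not part of the original write-up and not the author's tool), the following Python script shows how a defender can detect this exposure from the HTTP server's access log, and verify after remediation that the backup file is no longer served without authentication. It assumes the device or a reverse proxy in front of it writes Common Log Format lines in which the third field holds the authenticated user ("-" when no user authenticated); the log lines below are constructed for illustration, not captured from a DSE855.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Common Log Format); not real device logs.
# Line 2 is the problem case: /Backup.bin served (200) with no authenticated user.
# Line 3 is an authenticated download, line 4 shows the remediated behaviour (401).
SAMPLE_LOG = """\
192.168.1.20 - - [12/Jun/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
192.168.1.37 - - [12/Jun/2024:10:01:09 +0000] "GET /Backup.bin HTTP/1.1" 200 65536
192.168.1.37 - admin [12/Jun/2024:10:02:11 +0000] "GET /Backup.bin HTTP/1.1" 200 65536
192.168.1.50 - - [12/Jun/2024:10:03:00 +0000] "GET /backup.bin HTTP/1.1" 401 0
192.168.1.51 - - [12/Jun/2024:10:03:30 +0000] "POST /login HTTP/1.1" 302 0
"""

# Common Log Format: ip ident authuser [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Paths that must never be served to an unauthenticated client (lower-cased).
# Only the path from the write-up is listed; extend for other sensitive files.
SENSITIVE_PATHS = {"/backup.bin"}


def parse_line(line: str):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def is_unauthenticated_sensitive_hit(rec: dict) -> bool:
    """True when a sensitive path was successfully served with no authenticated user."""
    return (
        rec["path"].lower() in SENSITIVE_PATHS
        and rec["status"] == 200
        and rec["user"] == "-"
    )


def find_unauthenticated_backup_hits(log_text: str) -> list:
    """Return the parsed records of every unauthenticated sensitive-file download."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unauthenticated_sensitive_hit(rec):
            hits.append(rec)
    return hits


def sources_by_count(hits: list) -> Counter:
    """Count flagged downloads per client IP, for triage and alert grouping."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_unauthenticated_backup_hits(SAMPLE_LOG)
    for h in found:
        print(f"ALERT {h['ts']} {h['ip']} fetched {h['path']} without authentication")
    print("per-source counts:", dict(sources_by_count(found)))
```

Run this over the real access log after patching or after fronting the device with an authenticating proxy: any new hit for /Backup.bin with status 200 and user "-" means the fix has not taken effect. If the device authenticates with a session cookie rather than HTTP Basic auth, the user field will always be "-" and the check should instead key on the 401/403 responses the fixed endpoint returns.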

POC by: @karthithehacker
Mail: contact@karthithehacker.com
Website: https://www.karthithehacker.com/

If you’re interested in our VAPT service, contact us at ceo@cappriciosec.com or contact@cappriciosec.com.

For enrolling my cybersecurity and Bugbounty course,

WhatsApp +91 82709 13635.

Twitter: https://twitter.com/karthithehacker

Instagram: https://www.instagram.com/karthithehacker/

LinkedIn: https://www.linkedin.com/in/karthikeyan--v/

Website: https://www.karthithehacker.com/

Github: https://github.com/karthi-the-hacker/

npmjs: https://www.npmjs.com/~karthithehacker

Youtube: https://www.youtube.com/@karthi_the_hacker

Thank you

Karthikeyan.V
