
BEWARD Intercom 2.3.1 Credentials Disclosure

Medium
Advisory ID: ZSL-2019-5505
Release Date: 27 January 2019
Vendor: Beward R&D Co., Ltd - https://www.beward.net
Affected Version: 2.3.1.34471, 2.3.0, 2.2.11, 2.2.10.5, 2.2.9, 2.2.8.9, 2.2.7.4
Tested On: Microsoft Windows 10 Home (EN), Microsoft Windows 7 SP1 (EN)
Summary

Multiaccessible User Operation, Electronic Lock Control, Real-Time Video, Two-Way Audio. The software is used for BEWARD IP video door stations control.

Description

The application stores logs and sensitive information in an unencrypted binary file called BEWARD.INTERCOM.FDB. A local attacker who has access to the current user session can disclose the plain-text credentials stored there and use them to bypass authentication on the affected IP camera and door station, as well as the access control in place.
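
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's software: it scores a data file by per-chunk byte entropy to flag storage that is plainly not encrypted at rest. The chunk size, thresholds, function names and sample data are assumptions constructed for this example, and the file path is supplied by the caller.

```python
import math
import os
from collections import Counter

CHUNK = 4096         # sampling unit in bytes (assumption, not from the advisory)
ENTROPY_FLOOR = 7.5  # bits per byte; encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def low_entropy_ratio(blob: bytes, chunk: int = CHUNK) -> float:
    """Fraction of full-size chunks whose entropy is below ENTROPY_FLOOR.
    A short trailing chunk is skipped: its entropy is capped by its length,
    so it would be counted as structured even in an encrypted file.
    """
    full = [blob[i:i + chunk] for i in range(0, len(blob) - chunk + 1, chunk)]
    if not full:
        return 0.0  # smaller than one chunk: too little data to judge
    return sum(shannon_entropy(c) < ENTROPY_FLOOR for c in full) / len(full)


def looks_unencrypted(blob: bytes, max_low_ratio: float = 0.10) -> bool:
    """True when more than max_low_ratio of the chunks are clearly structured."""
    return low_entropy_ratio(blob) > max_low_ratio


def audit_file(path: str) -> dict:
    """Score one file; the report never includes any of the file's contents."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return {"path": path, "size": len(blob),
            "low_entropy_ratio": round(low_entropy_ratio(blob), 3),
            "unencrypted": looks_unencrypted(blob)}


# Constructed samples: zero-padded text records stand in for a plaintext
# database page, os.urandom output stands in for an encrypted one.
PLAIN_SAMPLE = b"LOG 2019-01-01 device=door1 status=ok".ljust(128, b"\x00") * 256
CIPHER_SAMPLE = os.urandom(len(PLAIN_SAMPLE))

if __name__ == "__main__":
    print("plain sample flagged: ", looks_unencrypted(PLAIN_SAMPLE))
    print("cipher sample flagged:", looks_unencrypted(CIPHER_SAMPLE))
```

A flagged file is certainly not encrypted, but an unflagged one is only not obviously plaintext, since compressed data also scores close to 8 bits per byte.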

Proof of Concept
Disclosure Timeline
28.11.2018 - Vulnerability discovered.
30.11.2018 - Vendor contacted.
30.11.2018 - Received automated confirmation of message receipt and assigned Ticket ID: NCG-690-71011.
26.01.2019 - No response from the vendor.
27.01.2019 - Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
27.01.2019 - Initial release
29.01.2019 - Added reference [2], [3] and [4]
31.01.2019 - Added reference [5]
21.03.2026 - Added reference [6]