← Advisories

SOYAL Biometric Access Control System 5.0 Master Code Disclosure

Medium

Advisory ID

ZSL-2021-5630

Release Date

18 March 2021

Vendor

SOYAL Technology Co., Ltd - https://www.soyal.com

Affected Version

AR-727 i/CM - F/W: 5.0, AR837E/EF - F/W: 4.3, AR725Ev2 - F/W: 4.3 191231, AR331/725E - F/W: 4.2, AR837E/EF - F/W: 4.1, AR-727CM /i - F/W: 4.09, AR-727CM /i - F/W: 4.06, AR-837E - F/W: 3.03

CVE

CVE-2021-28265

Tested On

SOYAL Technology WebServer 2.0, SOYAL Serial Device Server 4.03A, SOYAL Serial Device Server 4.01n, SOYAL Serial Device Server 3.07n

Summary

Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings.

Description

The controller suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.

Proof of Concept

soyal_code.txtTXT

Disclosure Timeline

25.01.2021Vulnerability discovered.

03.02.2021Vendor contacted.

08.02.2021No response from the vendor.

09.02.2021Distributor responds and informs vendor.

09.02.2021Sent details to distributor.

10.02.2021Asked distributor for status update.

11.02.2021Vendor will patch the issue.

18.03.2021Public security advisory released.

Credits