← Advisories

SOYAL Biometric Access Control System 5.0 Weak Default Credentials

High
Advisory ID
ZSL-2021-5631
Release Date
18 March 2021
Vendor
SOYAL Technology Co., Ltd - https://www.soyal.com
Affected Version
AR-727 i/CM - F/W: 5.0, AR837E/EF - F/W: 4.3, AR725Ev2 - F/W: 4.3 191231, AR331/725E - F/W: 4.2, AR837E/EF - F/W: 4.1, AR-727CM /i - F/W: 4.09, AR-727CM /i - F/W: 4.06, AR-837E - F/W: 3.03
CVE
CVE-2021-28266
Tested On
SOYAL Technology WebServer 2.0, SOYAL Serial Device Server 4.03A, SOYAL Serial Device Server 4.01n, SOYAL Serial Device Server 3.07n
Summary

Soyal Access systems are built into Raytel Door Entry Systems and are providing access and lift control to many buildings from public and private apartment blocks to prestigious public buildings.

Description

The web control panel uses weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.

Proof of Concept
soyal_creds.txtTXT
Disclosure Timeline
25.01.2021Vulnerability discovered.
03.02.2021Vendor contacted.
08.02.2021No response from the vendor.
09.02.2021Distributor responds and informs vendor.
09.02.2021Sent details to distributor.
10.02.2021Asked distributor for status update.
11.02.2021Vendor will patch the issue.
18.03.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://exchange.xforce.ibmcloud.com/vulnerabilities/198553
[2]https://packetstormsecurity.com/files/161875/
[3]https://cxsecurity.com/issue/WLB-2021030119
[4]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28266
[5]https://nvd.nist.gov/vuln/detail/CVE-2021-28266
Changelog
18.03.2021Initial release
23.03.2021Added reference [1], [2] and [3]
19.06.2021Added reference [4] and [5]