← Advisories

SOYAL 701Server 9.0.1 Insecure Permissions

Medium
Advisory ID
ZSL-2021-5633
Release Date
18 March 2021
Vendor
SOYAL Technology Co., Ltd - https://www.soyal.com
Affected Version
9.0.1 190322, 8.0.6 181227
CVE
CVE-2021-28271
Tested On
Microsoft Windows 10 Enterprise
Summary

701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E.

Description

The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' and 'Authenticated Users' group.

Proof of Concept
soyal_701serverperms.txtTXT
Disclosure Timeline
25.01.2021Vulnerability discovered.
03.02.2021Vendor contacted.
08.02.2021No response from the vendor.
09.02.2021Distributor responds and informs vendor.
09.02.2021Sent details to distributor.
10.02.2021Asked distributor for status update.
11.02.2021Vendor will patch the issue.
18.03.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/161877/
[2]https://www.exploit-db.com/exploits/49678
[3]https://cxsecurity.com/issue/WLB-2021030142
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/198550
[5]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28271
[6]https://nvd.nist.gov/vuln/detail/CVE-2021-28271
Changelog
18.03.2021Initial release
23.03.2021Added reference [1], [2], [3] and [4]
19.06.2021Added reference [5] and [6]