← Advisories

SOYAL 701Client 9.0.1 Insecure Permissions

Medium
Advisory ID
ZSL-2021-5634
Release Date
18 March 2021
Vendor
SOYAL Technology Co., Ltd - https://www.soyal.com
Affected Version
9.0.1 190410, 9.0.1 190115
CVE
CVE-2021-28269
Tested On
Microsoft Windows 10 Enterprise
Summary

701 Client is the user interface software for the access control system. It is used for adding and deleting tokens, setting door groups for access, setting time zones for limiting access and monitoring ingress and egress on a live system, among other things.

Description

The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Authenticated Users' group.

Proof of Concept
soyal_701clientperms.txtTXT
Disclosure Timeline
25.01.2021Vulnerability discovered.
03.02.2021Vendor contacted.
08.02.2021No response from the vendor.
09.02.2021Distributor responds and informs vendor.
09.02.2021Sent details to distributor.
10.02.2021Asked distributor for status update.
11.02.2021Vendor will patch the issue.
18.03.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/49679
[2]https://packetstormsecurity.com/files/161878/
[3]https://cxsecurity.com/issue/WLB-2021030135
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/198548
[5]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28269
[6]https://nvd.nist.gov/vuln/detail/CVE-2021-28269
[7]https://www.tenable.com/cve/CVE-2021-28269
[8]https://www.security-database.com/detail.php?alert=CVE-2021-28269
Changelog
18.03.2021Initial release
23.03.2021Added reference [1], [2], [3] and [4]
19.06.2021Added reference [5], [6], [7] and [8]