Deep Sea Electronics DSE855 Remote Authentication Bypass

Critical
Advisory ID: ZSL-2024-5825
Release Date: 03 July 2024
Vendor: Deep Sea Electronics plc - https://www.deepseaelectronics.com
Affected Version: Model: DSE855, Software version: 1.0.26, Module version: 1.0.78, Bootloader version: 1.0.3, Firmware version: 1.1.0
Tested On: embOS/IP
Summary

The DSE855 communications device allows monitoring of a single DSE controller with USB connectivity over a LAN or WAN connection. To achieve this the DSE855 utilises its in-built web server or MODBUS TCP. In order to use over a LAN connection the on-site router must be configured to be accessible from any global location.

Description

The device is vulnerable to configuration disclosure when a direct object reference is made to the Backup.bin file using an HTTP GET request. This enables an attacker to disclose sensitive information, which helps in authentication bypass, privilege escalation and full system access.
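
One way to detect the request described above in access logs, added here as an example and not part of the original advisory or the vendor's tooling. It assumes a reverse proxy or network sensor in front of the device that writes Common Log Format; the management range, the sample lines and the /Backup.bin location used in them are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from posixpath import basename
from urllib.parse import unquote, urlsplit

# Assumption: hosts permitted to fetch a backup (hypothetical management range).
MGMT_NETS = [ip_network("10.20.0.0/28")]

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation addresses); not from a real device.
SAMPLE_LOG = """\
10.20.0.5 - - [03/Jul/2024:09:00:01 +0000] "GET /Backup.bin HTTP/1.1" 200 4096
198.51.100.7 - - [03/Jul/2024:09:02:10 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [03/Jul/2024:09:02:11 +0000] "GET /Backup.bin HTTP/1.1" 200 4096
203.0.113.9 - - [03/Jul/2024:09:05:40 +0000] "GET /%42ackup.BIN?x=1 HTTP/1.1" 200 4096
203.0.113.9 - - [03/Jul/2024:09:05:41 +0000] "GET /Backup.bin HTTP/1.1" 401 0
malformed line
"""

def is_backup_request(target):
    """True if the target names Backup.bin once decoded; case and query ignored."""
    path = unquote(urlsplit(target).path)
    return basename(path).lower() == "backup.bin"

def find_backup_downloads(log_text):
    """Map client IP -> timestamps of 2xx Backup.bin GETs from outside MGMT_NETS."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or m["method"] != "GET" or not m["status"].startswith("2"):
            continue
        if not is_backup_request(m["target"]):
            continue
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if not any(src in net for net in MGMT_NETS):
            hits[m["ip"]].append(m["ts"])
    return dict(hits)

if __name__ == "__main__":
    for ip, times in find_backup_downloads(SAMPLE_LOG).items():
        print(f"{ip}: {len(times)} Backup.bin download(s), first {times[0]}")
```

Any hit from outside the management range means the configuration backup should be treated as disclosed and the credentials it contains rotated.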

Proof of Concept
Disclosure Timeline
10.11.2023: Vulnerability discovered.
14.11.2023: Vendor communicated via Trend Micro's Zero Day Initiative program.
13.06.2024: ZDI-24-671 advisory released.
03.07.2024: Public security advisory released.
18.09.2024: Vendor releases updated firmware to address this issue.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
03.07.2024: Initial release
26.07.2024: Added reference [4], [5] and [6]
18.09.2024: Added vendor status and reference [7]
24.10.2024: Added reference [8]