Glory RBW-100 Vulnerabilities [CVE-2019-10479 and CVE-2019-10478]
CVE Number – CVE-2019-10479 and CVE-2019-10478
CVE-2019-10479
An issue was discovered on Glory RBW-100 running firmware ISP-K05-02 7.0.0. An issue was discovered on Glory RBW-100 devices. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface.
CVE-2019-10478
An issue was discovered on Glory RBW-100 running firmware ISP-K05-02 7.0.0. An issue was discovered on Glory RBW-100 ISP-K05-02 7.0.0 devices. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker controlled code on the filesystem that can be executed and can lead to a reverse root shell.
Resolution
To mitigate this vulnerability, the user will need to contact their Glory account manager. Non Glory customers or customers who do not have a support contract must use the contact form on the GGS website https://www.glory-global.com/en-gb/contact-us/
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.