Security Update - CVE-2019-16270, CVE-2019-16274, CVE-2019-16273, CVE-2019-16273, CVE-2019-16272
Product - D7 55”
New Version: 1.3.5 - NOW AVAILABLE
- This version ensures the security of the DTEN D7 55".
- Version 1.3.5 becomes available once the D7 has been updated to 1.3.4. Upgrade via the Zoom portal.
Please note: If your D7 is on a version lower than 1.3.0 (please check your Zoom portal), please contact support@dten.com.
Product - D5
New Version: 1.2.3 - NOW AVAILABLE
- Customers who would like to update the D5 should contact support@dten.com with the device DTEN ID or the device Serial Number.
| CVEs reserved | Type of Weakness | Description | Components Affected | Severity | Status |
|---|---|---|---|---|---|
| CVE-2019-16270 | Data Leakage | DTEN devices store customer data (e.g., PDF files of shared Notes App whiteboards) in a misconfigured AWS S3 bucket that is exposed to the public internet via directory listing. The AWS S3 storage bucket on a dten.com subdomain is misconfigured to be publicly accessible. It contains all customer Notes App whiteboard images (PDFs) as well as Android log files, OTA and maintenance update zip files. Recommendation to the vendor: Disable public access or add authentication in accordance with the AWS Security documentation. | AWS Cloud API; D5 Firmware older than 1.2.2; D7 Firmware older than 1.3.0 (5/19) | High | Fixed: AWS bucket no longer public. Verified on 10/2/19. |
| CVE-2019-16274 | Data Leakage | The AWS server lacks encryption in transit (HTTP is used rather than HTTPS). Recommendation to the vendor: Add TLS encryption and enforce HTTPS only. | AWS Cloud API; D5 Firmware older than 1.2.2; D7 Firmware older than 1.3.0 (5/19) | Medium | Fixed (feature discontinued) |
| CVE-2019-16271 | Unauthenticated web server | On DTEN D7 touchboards an Android OS is always running. This OS exposes an unauthenticated web server on port 8080/tcp. The server serves all saved whiteboards on the device, so remote attackers within the customer network can connect to the Android IP on port 8080 and download any saved whiteboard PDF document. File system path: /storage/emulated/0/Notes/PDF. Recommendation to the vendor: Disable this web service or add an authentication mechanism. | D5 Firmware older than 1.2.2; D7 Firmware older than 1.3.2 (7/19) | High | Fixed and verified on D7. D5 1.2.3 fixes this issue (NOW AVAILABLE). |
| CVE-2019-16273 | Arbitrary Code Execution | Android OS: Android Debug Bridge (ADB) access allows unauthenticated root shell access, leading to full system administration and execution of arbitrary code. At least three ways to reach ADB were found: the USB, Ethernet and wireless interfaces. This provides a covert ability to capture screen data from the Zoom Client on the connected Windows host by executing commands on the Android OS. Recommendation to the vendor: Disable access to ADB. Covering the USB and Ethernet ports with a "Do Not Remove" sticker does not remedy this. | D5 Firmware older than 1.2.3; D7 Firmware older than 1.3.4 (9/19) | High | Fixed: D5 1.2.3 fixes this issue (NOW AVAILABLE); D7 1.3.5 fixes this issue (NOW AVAILABLE). |
| CVE-2019-16272 | Factory settings access | Android OS: Factory settings access provides a covert ability to capture Windows host data, including Zoom meeting content. Recommendation to the vendor: Disable access to the full Factory Settings; expose only user-level settings for updating and configuring the device. | D5 Firmware older than 1.2.3; D7 Firmware older than 1.3.4 | Medium | Fixed: D5 1.2.3 fixes this issue (NOW AVAILABLE); D7 1.3.5 fixes this issue (NOW AVAILABLE). |
DTEN thanks Forescout for bringing these items to our attention.
If you have additional questions or need to contact DTEN Support, please refer to the DTEN Knowledge Base article for more details.