Blog | Disclosure

Unauthorized FLIR (Lorex) Cloud Access

Posted on October 10, 2017

Traditionally, closed circuit tv (CCTV) cameras and digital video recorders (DVRs) have been stand-alone, self-contained systems.  If the ability to access these systems remotely was required it was most commonly achieved by opening a port on a firewall and allowing access from the Internet to the DVR or camera directly.  Although effective, that method of access left what was in...Continue reading 

CVE-2017-6079 – Blind Command Injection in Edgewater Edgemarc Devices

Posted on May 16, 2017

During a recent external penetration test, one of the many servers listening on the default HTTP port 80 caught my eye. The web server threw a HTTP Basic Authentication login prompt immediately upon viewing it, which was unique amongst this particular target network. Some time was spent trying to fingerprint the device and nmap did most of the heavy lifting for...Continue reading 

Polycom VVX-Series Business Media Phones Path Traversal Vulnerability

Posted on December 11, 2015

In June I spent a little time in the web administrative interface of a Polycom VVX600 IP phone running UC Software Version 5.1.3.1675. As I proxied the traffic through BurpSuite, I immediately noticed something interesting in the requests that the interface uses to display phone background images and ring tones to web users. The requests contained actual file names. Anyone involved...Continue reading 

Have Questions?
Get Answers