mailing list archives
Credentials leaks in Legrand-003598 / Bticino-F454 SCS Web Gateway
From: sxpert <sxpert () sxpert org>
Date: Wed, 17 Oct 2012 14:23:17 +0200
Credential leaks lead to complete compromise of home automation
The 2 devices are identical, and act as an IP gateway between
the SCS home automation bus, and an IP network.
The devices uses https for the web-front, and is also open on
port 20000 with an semi open protocol that allows controlling
everything at the owner's location.
3. VULNERABILITY DESCRIPTION
https://[ip address of device]/TiWeb.xml
is directly accessible without requiring credential requests of
any sort, that contains plaintext login and passwords to the device
these credentials are all that's needed to reprogram the entire home
automation system, access video cameras in the installation, control
the burglar alarm, and more.
4. VERSIONS AFFECTED
just head to the url on an affected device. you can find those devices
by searching google for 'top_right_bticino' (and probably
upgrade to version 1.00.32 available
This vulnerability was found by Raphaël Jacquot, an independant
9. DISCLOSURE TIME-LINE
2012-07-23: Vendor Notified
2012-10-02: Vendor published non-vulnerable firmare 1.00.32
2012-10-17: Vulnerability disclosed
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Credentials leaks in Legrand-003598 / Bticino-F454 SCS Web Gateway sxpert (Oct 17)