CVE-2019-6814
published 2019-05-22
Priority P1 · 86 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 36.65% (98.3th percentile)
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | >= 0 < 74.0+build3-0ubuntu0.16.04.1 | 74.0+build3-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 74.0+build3-0ubuntu0.18.04.1 | 74.0+build3-0ubuntu0.18.04.1 |
| schneider-electric | net5500_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5501-i_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5501-xt_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5501_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5504_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5508_firmware | < 2.1.9.7 | 2.1.9.7 |
| schneider-electric | net5516_firmware | < 2.1.9.7 | 2.1.9.7 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to /cgi-bin/webra.fcgi?network/ssh with Content-Type application/json — this is the authentication bypass endpoint used to enable SSH and change the root password.
- Alert on HTTP requests to the NET55XX webUI bearing the forged cookie 'userid=admin; grpid=ADMIN; permission=2147483647' — this cookie is crafted by the attacker to bypass authentication without valid credentials.
- Monitor for WS-Discovery Probe packets (UDP port 3702) targeting NET55XX devices — the exploit uses ONVIF WS-Discovery to enumerate vulnerable encoders before exploitation.
- Alert on WS-Discovery Probe messages containing the ONVIF device type 'dp0:NetworkVideoTransmitter' over UDP/3702 — used by the exploit module during the check/enumeration phase.
- After a successful exploit, watch for new SSH sessions (TCP/22) to NET55XX devices using the username 'root' — the module changes the root password and then connects via SSH to establish a session.
- The vulnerability affects NET55XX Encoder firmware versions prior to 2.1.9.7 only; patched devices running 2.1.9.7 or later are not affected.
- The exploit has been confirmed against specific NET55XX model variants; coverage may not extend to all hardware revisions.
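The HTTP and SSH indicators listed above can be correlated over sensor logs, as in this added example (not part of the original page or of any vendor tooling). The JSON event schema, the 10-minute correlation window, the rule names and the sample events are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Indicator values quoted in the detection list above.
BYPASS_URI = "/cgi-bin/webra.fcgi?network/ssh"
FORGED_COOKIE = {"userid": "admin", "grpid": "ADMIN", "permission": "2147483647"}
SSH_WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events; field names are an assumed sensor schema.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:01","src":"198.51.100.9","dst":"192.0.2.20","kind":"http","method":"GET","uri":"/index.html","ctype":"","cookie":"userid=operator; grpid=USER; permission=2"}
{"ts":"2024-05-01T09:00:30","src":"198.51.100.7","dst":"192.0.2.20","kind":"http","method":"POST","uri":"/cgi-bin/webra.fcgi?network/ssh","ctype":"application/json","cookie":"grpid=ADMIN;userid=admin; permission=2147483647"}
{"ts":"2024-05-01T09:02:10","src":"198.51.100.7","dst":"192.0.2.20","kind":"ssh","user":"root"}
{"ts":"2024-05-01T09:03:00","src":"198.51.100.9","dst":"192.0.2.21","kind":"ssh","user":"root"}
"""

def parse_cookie(header):
    """Split a Cookie header into a dict, tolerating spacing and ordering."""
    pairs = (p.strip().partition("=") for p in header.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, _, v in pairs}

def detect(lines):
    """Return (rule, src, dst) alerts for the indicators listed above."""
    alerts, touched = [], {}  # touched: device -> time of last suspicious request
    for line in lines.splitlines():
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "http":
            cookie = parse_cookie(ev.get("cookie", ""))
            forged = all(cookie.get(k) == v for k, v in FORGED_COOKIE.items())
            ssh_post = (ev["method"] == "POST" and ev["uri"] == BYPASS_URI
                        and ev.get("ctype", "").lower().startswith("application/json"))
            if forged:
                alerts.append(("forged-cookie", ev["src"], ev["dst"]))
            if ssh_post:
                alerts.append(("ssh-endpoint-post", ev["src"], ev["dst"]))
            if forged or ssh_post:
                touched[ev["dst"]] = ts
        elif ev["kind"] == "ssh" and ev.get("user") == "root":
            # Root SSH login is only suspicious here if the webUI was hit first.
            seen = touched.get(ev["dst"])
            if seen and timedelta(0) <= ts - seen <= SSH_WINDOW:
                alerts.append(("root-ssh-after-webui-hit", ev["src"], ev["dst"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The cookie is compared field by field rather than as a literal string, so reordered or re-spaced variants of the forged value still match.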
CVSS provenance
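| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 6.5 | MEDIUM | |
| vulncheck | | 9.8 | CRITICAL | |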
GHSA
ghsa_unreviewed·2022-05-24
CVE-2019-6814 [CRITICAL] CWE-287 GHSA-2784-p9wg-c9fp: An Improper Access Control: CWE-284 vulnerability exists in the NET55XX Encoder with firmware prior to version 2
An Improper Access Control: CWE-284 vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
OSV
firefox vulnerabilities
osv·2020-03-11·CVSS 6.5
CVE-2019-20503 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815)
It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809)
It was discovered that the
VulnCheck
Schneider Electric net5501_firmware Improper Authentication
vulncheck·2019·CVSS 9.8
CVE-2019-6814 [CRITICAL] Schneider Electric net5501_firmware Improper Authentication
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
Affected: Schneider Electric net5501_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-13&host_type=src&vulnerability=cve-2019-6814
No detection rules found.
Exploit-DB
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
exploitdb·2019-07-29
CVE-2019-6814 Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder",
'Description' => %q(
This module exploits inadequate access controls within the webUI to enable
the SSH service and change the root password. This module has been tested successfully
on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.
),
'License' => MSF_LICENSE,
'Author' =>
[
'Lucas Dinucci ',
'Vitor Esperança '
],
'References' =>
[
['CVE', '2019-6814'],
['URL', 'https://www.schneider-electric.com/en/download/document/SEVD-2019-134-01/']
],
'Payload' =>
{
'Compat
Metasploit
Schneider Electric Pelco Endura NET55XX Encoder
metasploit
This module exploits inadequate access controls within the webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.