Vulnerabilities: Cross-site Request Forgery, Improper Authentication
The following versions of JTC-200, a TCP/IP converter, are affected:
Successful exploitation of these vulnerabilities could allow for remote code execution on the device with elevated privileges.
Read on for details.
Found multiple vulnerabilities in RS232-NET Converter (model JTC-200), and have been coordinating with ICS-CERT for quite a while now. IMHO it is time for a public disclosure.
Product details -> http://www.jantek.com.tw/en/product/73
Seen deployed in:
- CHTD, Chunghwa Telecom Co., Ltd. (Taiwan)
- HiNet (Taiwan & China)
- PT Comunicacoes (Portugal)
- Sony Network Taiwan Limited (Taiwan)
- Vodafone Portugal (Portugal)
This hardware seems to be in use on several large corporate networks, and has a backdoor shell quietly listening, offering unauthenticated access!
Read on for details and PoC.