Thermofisher dataTaker – Insecure by Design – CVE-2017-11349

Introduction Thermofisher dataTaker DT8x devices offer little security, and clear text configuration visible to users without any log in process. The products website: Vulnerable Versions While only DT8x devices have been inspected, it would be unlikely that other models are not also affected by this design issue. Only Firmware 1.72.007 was observed in the […]

Read more "Thermofisher dataTaker – Insecure by Design – CVE-2017-11349"

Dahua NVR – Multiple Exposures (CVE-2017-6341 CVE-2017-6342 CVE-2017-6343)

Introduction Responsible Disclosure Timeline. 2016-10-10: Sent to both the Australian Importer and Dahua, everything mentioned here plus more. The Importer was also called to discuss the issues. 2016-10-17 (approx): Followed up verbally with the importer a couple weeks later (phone). 2016-11-14: Contacted both the Importer and Dahua for an update. Apart from when I rang […]

Read more "Dahua NVR – Multiple Exposures (CVE-2017-6341 CVE-2017-6342 CVE-2017-6343)"