Tuxedo Connected Controller Made by Honeywell – Multiple Vulnerabilities

[Screenshot: honeywell1]

The Tuxedo Connected Controller – Home Security, Automation, Cam (Shodan search) is made by Honeywell (online manual). The first issue is that no password is set by default, so the web interface is open to anyone who finds the device on the internet. The second issue is that adding a new camera appears to let you enumerate hosts on the internal network:

[Screenshot: honeywell3-internal1]

If you get a 404 not found, the host is alive and has a web server. If you get “10060 disconnected” (10060 is the Winsock WSAETIMEDOUT code, i.e. the connection attempt timed out), there is no host at that IP address. The third issue is that a configured camera can be listed either by a name or just by its IP address, which discloses internal IP addresses:

[Screenshot: honeywell7-cam_ip_disclosure]
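The host-enumeration oracle described above (a 404 means a live web server answered, “10060 disconnected” means nothing answered) can be driven over a whole internal range. The following is an added example, not code from the original post or from Honeywell: the exact HTTP request the controller sends when a camera is added is not documented here, so the probe is a caller-supplied function (an assumption), and a simulated probe built from constructed sample responses is included so the script runs offline. It also treats Winsock 10061 (WSAECONNREFUSED) as a third state, since a refused connection would mean a host is up with nothing listening on that port, and anything else as unknown rather than guessing.

```python
"""Oracle-based internal host enumeration using the Tuxedo 'add camera' responses.

Added example: the probe that actually asks the controller to add a camera
at a given IP is a caller-supplied callable (assumed interface, since the
page does not show the request); simulated responses are constructed here.
"""
import ipaddress
import re
from typing import Callable, Dict, List

# Winsock error 10060 is WSAETIMEDOUT (connect timed out): nothing answered.
# 10061 is WSAECONNREFUSED: a host answered but nothing listens on the port.
_WINSOCK_CODE = re.compile(r"\b(100\d\d)\b")
_HTTP_STATUS = re.compile(r"\b([1-5]\d\d)\b")


def classify(response: str) -> str:
    """Map one controller response string to alive / no_host / refused / unknown."""
    m = _WINSOCK_CODE.search(response)
    if m:
        code = int(m.group(1))
        if code == 10060:
            return "no_host"
        if code == 10061:
            return "refused"  # host up, no web server on that port
        return "unknown"
    if _HTTP_STATUS.search(response):
        # Any HTTP status at all, 404 included, proves a web server replied.
        return "alive"
    return "unknown"


def enumerate_hosts(cidr: str, probe: Callable[[str], str]) -> Dict[str, str]:
    """Run the oracle over every host address in cidr using probe(ip) -> response text."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {str(ip): classify(probe(str(ip))) for ip in net.hosts()}


def live_hosts(results: Dict[str, str]) -> List[str]:
    """Addresses that answered in some way (web server or connection refused)."""
    return sorted(ip for ip, state in results.items() if state in ("alive", "refused"))


# Constructed sample responses (not captured from a real device) for an offline run.
SIMULATED_LAN = {
    "192.168.1.1": "404 not found",
    "192.168.1.5": "Error 10061 connection refused",
    "192.168.1.9": "200 OK",
}


def simulated_probe(ip: str) -> str:
    """Stand-in for the real 'add camera' request; unknown hosts time out."""
    return SIMULATED_LAN.get(ip, "10060 disconnected")


if __name__ == "__main__":
    res = enumerate_hosts("192.168.1.0/28", simulated_probe)
    for ip, state in res.items():
        print(ip, state)
    print("live:", live_hosts(res))
```

To use this against a real controller, replace `simulated_probe` with a function that submits the add-camera form for the given IP and returns the status text the interface shows; keep the range small, since every probe makes the controller open a connection into its own LAN.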

The fourth issue is that, without any authentication, you can control any lights that are configured:

[Screenshot: honeywell8-lights_and_temp]
