Archive for September, 2015

Monroe Electronics Model R189 One-Net Digital Emergency Alert System Encoder/Decoder Default Credentials

September 12, 2015

The Monroe Electronics Model R189 One-Net Digital Emergency Alert System Encoder/Decoder (aka DASDEC) uses a web interface for device management. According to the manual, it contains several default credentials:

4.1.1. Using a VGA monitor, keyboard, and mouse with a One-Net

To configure the One-Net:
• Connect the VGA monitor, keyboard and mouse connected to the correct ports on the back of the One-Net.
• Then power up and wait for the One-Net to boot and become fully operational. Make sure the VGA monitor is powered on.
• You will be presented with a login prompt on the VGA monitor. Type in the user name of “root” (without parenthesis). The default password is “dasdec1”.

Wait for the desktop to fully launch. Once the desktop is ready, run the provided One-Net browser app by clicking the icon labeled One-Net Web Interface. This launches a browser, which will automatically access the One-Net web server Login page. Follow the instructions for Section 4.2 below for logging into the One-Net using the Web login page. Everything you will need to do to setup the One-Net for operation and remote network access will be available from within the Web interface. There is a built in administrative user (Admin) for the One-Net Web Interface. The default password for Admin is “dasdec

Web Server Login
When the One-Net successfully connects for a Web session, it will present the following page in the Web browser.
Type “Admin” (no quotes) as the default user name, and “dasdec” (again, without quotes) as the password. Press the left mouse button over the Login button. With the correct user name and password, the One-Net will login. If the user or password is incorrect, the One-Net will display a message indicating the problem. If the One-Net is left unattended for 10 minutes, it will automatically logout. A message indicating session timeout will be displayed on the login screen.

[Image: monroe1]

Sony Network Camera SNC-RH124 Web Interface Default Admin Credentials

September 11, 2015

The Sony Network Camera SNC-RH124 uses a web interface to access the camera feed and configure it. According to the manual, and as tested against a camera running firmware 1.34.00, it comes with default credentials:

[Image: rh124-defaults]

Barix Streaming Client Multiple Vulnerabilities

September 10, 2015

The Barix Streaming Client is a product that “can deliver high quality branded audio in real time via the internet or a local network to an unlimited number of locations and gives the option for localized and targeted ad insertion too, all via live streaming.”

It uses a web interface for device management. By default it does not require authentication, and it does not appear to allow you to set a user account, just a password. Version B3.14 was tested and found to have additional problems!

Unauthenticated access –

[Image: barix01]

You can manipulate streaming settings and change the audio the person hears –

[Image: barix02]

Under Configuration -> Advanced Settings, the ‘User Agent’ field is not sanitized. Inserting script code triggers a POST request to /setup.cgi that updates the ‘S517’ parameter, allowing for cross-site scripting (CVE-2015-78000) that renders on uifadvanced.html –

[Image: barix03]

[Image: barix04-xss]

It also renders on /ixstatus.html –

[Image: barix06-rendered]
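
An added example, not from the original post or from Barix: a Python model of a page that echoes the stored ‘S517’ value, showing the unescaped rendering described above beside an output-encoded one, plus an input allow-list as a second layer. The templates, function names, sample string and allow-list pattern are assumptions constructed for illustration.

```python
import html
import re

# Constructed stand-ins for the two pages the post says echo the stored value.
ADVANCED_TMPL = '<input type="text" name="S517" value="{ua}">'   # uifadvanced.html
STATUS_TMPL = "<tr><td>User Agent</td><td>{ua}</td></tr>"        # ixstatus.html

# Assumed allow-list for a User-Agent string: product tokens and comments only.
UA_ALLOWED = re.compile(r"[A-Za-z0-9 ._/;:()+,-]{1,64}")


def render_unsafe(ua: str) -> str:
    """Behaviour described in the post: the stored value is echoed verbatim."""
    return ADVANCED_TMPL.format(ua=ua) + STATUS_TMPL.format(ua=ua)


def render_safe(ua: str) -> str:
    """Encode at output time so the value stays data in attribute and element context."""
    encoded = html.escape(ua, quote=True)
    return ADVANCED_TMPL.format(ua=encoded) + STATUS_TMPL.format(ua=encoded)


def accept_setting(settings: dict, value: str) -> bool:
    """Reject on input as a second layer; returns True only if the value was stored."""
    if UA_ALLOWED.fullmatch(value) is None:
        return False
    settings["S517"] = value
    return True


if __name__ == "__main__":
    sample = '"><script>alert(1)</script>'   # constructed test string
    print(render_unsafe(sample))
    print(render_safe(sample))
    print(accept_setting({}, sample), accept_setting({}, "StreamClient/1.0"))
```

Output encoding is the fix that matters here, because the same stored value is rendered in two different pages; the allow-list only narrows what can be stored in the first place.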

The security settings that allow for a password –

[Image: barix05-default]

You can also manually reboot the device or create a script that will continually reboot it –

[Image: barix07-reboot-dos]