EnvisaLink 3 Alarm System Multiple Vulnerabilities

The EnvisaLink 3 alarm system from Envisacor Technologies Inc. allows you to monitor your home alarm system via the Internet if configured. As noted on a discussion forum the default account is user/user. Testing one of these with firmware version 01.12.158 i verified the default and found it is also vulnerable to a simple cross-site request forgery vulnerability (CVE-2016-78000) that can lead to a victim changing the password. The password change is done with a GET request and has no nonce or token mechanism to stop it.

http://%5Btarget%5D/3?A=3&X=mypassword

The device interface:

envisalink3a

envisalink3b

Advertisements

Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: