[OMRON] "NS WEB Interface": Login Bypass (CVE-2018-6624)

16. Juli 2020

Today we will be presenting a vulnerability classified as critical found in Omron NS 1.1 / 1.2 / 1.3 which allows remote attackers to bypass authentication via a direct request to the resource "/monitor.html"

The vulnerability has been assigned the following CVE: "CVE-2018-6624"

Official documentation:

The vendor (OMRON) not only provides the default access credentials (default:default) that in most cases are still functional, but additionally the different URLs are displayed, which surprisingly, are the only necessary requirements to bypass the "security".

You can check the full documentation in the following link:

https://www.support-omron.fr/telechargements/documentations/2017-07-24%20-%2011-16-27%20-%2073442946/V100-E1-01+WEB_Interface+Operation_Manual.pdf

Proof of concept:

In summary, when the application asks for the corresponding access credentials, you must simply cancel and add "/monitor.html" to the url and you will immediately gain access to its monitoring and corresponding administration.

Exposure

The search criteria to find this equipment is: "NS Web Interface"

SHODAN: https://shodan.io/search?query="NS+Web+Interface"

FOFA: another interesting tool that can be used when searching for indexed technology is https://www.fofa.so/

Alle Blog-Posts