Security vulnerabilities in Enttec devices

Interested to see how this shakes out. Seems like similar issues to those related to IoT devices, which by nature must be connected to the internet to operate as designed. But because they're such small devices, everyone just treats them like a $2 ground lift adapter and throws whatever components inside that work.

Slight tangent - when Apple knock-off 5W USB chargers started causing fires and someone dissected the knock-off vs the Apple and realized how much intentional engineering went inside a "free" Apple charger and how dangerous the knock-offs were, it was amazing and eye-opening, especially for those with 240V power, knowing how well Apple isolated the high from low voltage parts inside the little white cube.
http://www.righto.com/2012/05/apple-iphone-charger-teardown-quality.html
 
Heard this is due to a known backdoor in Linux. If not closed, security is compromised.... and then you get put on this website
 
Does anyone know if this is likely limited to the listed product? I've got an Enttec Node ODE (unsure if Mk1 or Mk2) that's on a firewalled network but that does have internet access.

Philip
 
Heard this is due to a known backdoor in Linux. If not closed, security is compromised.... and then you get put on this website
I don't see how any known backdoor would cause all of the following. I could potentially see it causing #3, but the other ones seem to be pure developer lack of effort.
3.2.1 USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
3.2.2 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
3.2.3 IMPROPER ACCESS CONTROL CWE-284
3.2.4 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732
 
