Three Vulnerabilities in iBSG 3.5

Disclosure post for three vulnerabilities in N.V.K. Inter Co., Ltd. iBSG v3.5, gateway software from Thailand for hotels, airports and restaurants.

Remote Code Execution in Mailcow

Background

As so often in life, you can search for things for months without success; then later they fall into your hands without further ado. It was the same with this vulnerability: after months of my servers fuzzing various open source software, the vulnerability described in this post just “ran into me” while I was looking closely at htop.

Objective

mailcow: dockerized is an open source groupware/email suite based on Docker. mailcow relies on many well-known and long-used components, which in combination result in an all-around carefree email server.

Five Vulnerabilities in ABUS cameras

Background

It was a chill Friday evening when Ilias, Alexander and I sat around our local hackspace Chaosdorf, ate some pizza and played around with the ABUS security camera we had been able to get our hands on shortly before. As the company has quite some reputation in Germany, we assumed that there wouldn’t be much to find security-wise, also because this camera was one of the most expensive ones in the consumer market.