https://systemoverlord.com/tags/obihai.htmlRecent content in ObiHai on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Mon, 22 Aug 2016 00:00:00 +0000https://systemoverlord.com/2016/08/22/obihai-obiphone-multiple-vulnerabilties.htmlMon, 22 Aug 2016 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2016/08/22/obihai-obiphone-multiple-vulnerabilties.html<p><strong>Note that this a duplicate of the <a href="http://seclists.org/fulldisclosure/2016/Aug/111">advisory sent to the full-disclosure</a> mailing list.</strong></p> <h2 id="introduction">Introduction</h2> <p>Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The Vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive.</p> <h2 id="affected-devices-and-versions">Affected Devices and Versions</h2> <p>ObiPhone 1032/1062 with firmware less than 5-0-0-3497.</p> <h2 id="vulnerability-overview">Vulnerability Overview</h2> <p>Obi-1. Memory corruption leading to free() of an attacker-controlled address<br> Obi-2. Command injection in WiFi Config<br> Obi-3. Denial of Service due to buffer overflow<br> Obi-4. Buffer overflow in internal socket handler<br> Obi-5. Cross-site request forgery<br> Obi-6. Failure to implement RFC 2617 correctly<br> Obi-7. Invalid pointer dereference due to invalid header<br> Obi-8. Null pointer dereference due to malicious URL<br> Obi-9. Denial of service due to invalid content-length</p>