---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: WowWee Rovio Security Bypass and Information Disclosure SECUNIA ADVISORY ID: SA33538 VERIFY ADVISORY: http://secunia.com/advisories/33538/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of sensitive information WHERE: >From remote SOFTWARE: WowWee Rovio http://secunia.com/advisories/product/21061/ DESCRIPTION: Brian Dowling has reported some vulnerabilities in WowWee Rovio, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. 1) Access to the RTSP stream exported by the device is available without authentication. This can be exploited to gain access to the potentially sensitive audio or video data. 2) Access to certain scripts available via the web interface is not properly restricted. This can be exploited to e.g. disclose configuration settings and wireless networks in the proximity of the device. Affected scripts: * GetUPnP.cgi * GetStatus.cgi * GetVer.cgi * ScanWlan.cgi * GetAudio.cgi * GetMac.cgi * Upload.cgi * GetUpdateProgress.cgi * GetTime.cgi * GetLogo.cgi * GetName.cgi * GetVNet.cgi * cmgr/control * cmgr/event * cdir/control * cdir/event SOLUTION: Restrict network access to the device. PROVIDED AND/OR DISCOVERED BY: Brian Dowling, Simplicity Communications ORIGINAL ADVISORY: http://www.simplicity.net/vuln/2009-01-Rovio-insecurity.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------