TP-Link "2-series" switches, all TP-Link VxWorks-based product Multiple vulnerabilities

2014.10.01

Credit: kvnjs

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Vendor affected: TP-Link (http://tp-link.com)
Products affected:
* All TP-Link VxWorks-based devices (confirmed by vendor)
* All "2-series" switches (confirmed by vendor)
* TL-SG2008 semi-managed switch (confirmed by vendor)
* TL-SG2216 semi-managed switch (confirmed by vendor)
* TL-SG2424 semi-managed switch (confirmed by vendor)
* TL-SG2424P semi-managed switch (confirmed by vendor)
* TL-SG2452 semi-managed switch (confirmed by vendor)
Vulnerabilities:
* All previously-reported VxWorks vulnerabilities from 6.6.0 on;
at the very least:
* CVE-2013-0716 (confirmed by vendor)
* CVE-2013-0715 (confirmed by vendor)
* CVE-2013-0714 (confirmed by vendor)
* CVE-2013-0713 (confirmed by vendor)
* CVE-2013-0712 (confirmed by vendor)
* CVE-2013-0711 (confirmed by vendor)
* CVE-2010-2967 (confirmed by vendor)
* CVE-2010-2966 (confirmed by vendor)
* CVE-2008-2476 (confirmed by vendor)
* SSLv2 is available and cannot be disabled unless HTTPS is
completely disabled (allows downgrade attacks)
(confirmed by vendor)
* SSL (v2, v3) offers insecure cipher suites and HMACs which cannot
be disabled (allows downgrade attacks)
(confirmed by vendor)
Design flaws:
* Telnet is available and cannot be disabled (confirmed by vendor)
* SSHv1 enabled by default if SSH is enabled (confirmed by vendor)
Vendor response:
TP-Link are not convinced that these flaws should be repaired.
TP-Link's Internet presence -- or at least DNS -- is available only
intermittently. Most emails bounced. Lost contact with vendor, but
did confirm that development lead is now on holiday and will not
return for at least a week.
Initial vendor reaction was to recommend purchase of "3-series"
switches. Vendor did not offer reasons why "3-series" switches would
be more secure, apart from lack of telnet service. Vendor confirmed
that no development time can be allocated to securing "2-series"
product and all focus has shifted to newer products.
(TL-SG2008 first product availability July 2014...)
Vendor deeply confused about security of DES/3DES, MD5, claimed that
all security is relative. ("...[E]ven SHA-1 can be cracked, they just
have different security level.")
Fix availability:
None.
Work-arounds advised:
None possible. Remove products from network.

References:

http://seclists.org/fulldisclosure/2014/Oct/6

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TP-Link "2-series" switches, all TP-Link VxWorks-based product Multiple vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.