CVE-2018-15123

9.8 CRITICAL

📋 TL;DR

CVE-2018-15123 is an insecure configuration storage vulnerability in Zipato Zipabox Smart Home Controllers that allows remote attackers to access sensitive configuration data. Attackers can use this data to mount further attacks and potentially take control of the device and connected smart home systems. Affected users are those running vulnerable Zipabox devices with internet exposure.

💻 Affected Systems

Products:
  • Zipato Zipabox Smart Home Controller
Versions: System Version -118
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects BOARD REV - 1 hardware. The vulnerability is in how configuration data is stored and accessed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of smart home controller leading to full control of connected IoT devices, potential physical safety risks, and data exfiltration from the home network.

🟠 Likely Case

Remote attackers gain administrative access to the Zipabox, enabling them to manipulate smart home devices, disable security systems, and access network configuration.

🟢 If Mitigated

Limited impact with proper network segmentation and firewall rules preventing external access to vulnerable devices.

🌐 Internet-Facing: HIGH - The vulnerability allows remote exploitation without authentication, making internet-exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this to pivot within the network, but requires initial network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability involves accessing improperly secured configuration storage, which is straightforward to exploit once identified. Public advisories provide technical details that could be weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: System Version newer than -118

Vendor Advisory: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/

Restart Required: Yes

Instructions:

1. Check current system version in Zipabox web interface.
2. If version is -118 or earlier, contact Zipato support for firmware update.
3. Download and apply the firmware update through the web interface.
4. Reboot the device after update completes.

🔧 Temporary Workarounds

Network Isolation (all platforms)

Place Zipabox on isolated VLAN without internet access

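Firewall Restrictions (linux)

Block all external access to Zipabox management interface

# Assumes the rules are installed on the Linux gateway that routes to the Zipabox; routed traffic traverses FORWARD, not INPUT.
iptables -A FORWARD -d zipabox-ip -p tcp --dport 80 -j DROP
iptables -A FORWARD -d zipabox-ip -p tcp --dport 443 -j DROP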

🧯 If You Can't Patch

  • Disconnect Zipabox from internet completely
  • Replace vulnerable device with updated hardware version

🔍 How to Verify

Check if Vulnerable:

Access Zipabox web interface, navigate to System Information, check if System Version is -118

Check Version:

curl -s http://zipabox-ip/system/info | grep 'System Version'

Verify Fix Applied:

After update, verify System Version shows newer than -118 in web interface

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to configuration endpoints
  • Multiple failed login attempts followed by configuration access

Network Indicators:

  • Unusual outbound connections from Zipabox
  • External IPs accessing configuration endpoints

SIEM Query:

source="zipabox" AND (uri="/config/*" OR uri="/system/*") AND src_ip NOT IN [trusted_networks]
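
The log indicators and SIEM query above, expressed as a small log filter. This is an added example, not part of the advisory or any Zipato tooling. The log layout, the /login path, the trusted ranges and the failed-login threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the advisory): trusted ranges, login URI, threshold, log layout.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]
SENSITIVE_PREFIXES = ("/config/", "/system/")  # URI patterns from the SIEM query
LOGIN_URI = "/login"
FAILED_LOGIN_THRESHOLD = 3

# Constructed sample log: "<timestamp> <src_ip> <method> <uri> <status>"
SAMPLE_LOG = """\
2018-08-10T09:00:01Z 192.168.1.20 GET /system/info 200
2018-08-10T09:02:11Z 203.0.113.7 POST /login 401
2018-08-10T09:02:12Z 203.0.113.7 POST /login 401
2018-08-10T09:02:13Z 203.0.113.7 POST /login 401
2018-08-10T09:02:20Z 203.0.113.7 GET /config/network 200
2018-08-10T09:05:00Z 198.51.100.4 GET /system/info 200
2018-08-10T09:06:00Z 192.168.1.20 POST /login 401
malformed line
"""

def detect(log_text):
    """Return (timestamp, src_ip, uri, reasons) for each suspicious request."""
    alerts, failed = [], defaultdict(int)  # failed: failed logins per source
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed layout
        ts, src, _method, uri, status = parts
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if uri == LOGIN_URI and status in ("401", "403"):
            failed[src] += 1
            continue
        if not uri.startswith(SENSITIVE_PREFIXES):
            continue
        reasons = []
        if not any(ip in net for net in TRUSTED_NETWORKS):
            reasons.append("untrusted-source")  # src_ip NOT IN trusted_networks
        if failed[src] >= FAILED_LOGIN_THRESHOLD:
            reasons.append("after-failed-logins")  # failed logins, then config access
        if reasons:
            alerts.append((ts, src, uri, reasons))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
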
