CVE-2019-10479
📋 TL;DR
CVE-2019-10479 allows remote attackers to gain administrative access to Glory RBW-100 Front Circle Controller web interfaces using hard-coded credentials. This affects organizations using Glory RBW-100 devices with vulnerable firmware versions, potentially exposing building access control systems to unauthorized administrative control.
💻 Affected Systems
- Glory RBW-100 Front Circle Controller
📦 What is this software?
Rbw 100 Firmware by Glory Global
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of building access control systems, allowing attackers to unlock doors, disable alarms, manipulate access logs, and potentially gain physical access to secured areas.
Likely Case
Unauthorized administrative access to the web interface, enabling configuration changes, user management modifications, and potential lateral movement within the network.
If Mitigated
Limited impact if devices are isolated behind firewalls, use network segmentation, and have additional authentication layers preventing external access.
🎯 Exploit Status
Exploitation requires only knowledge of the hard-coded credentials and network access to the web interface. No special tools or skills needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
Contact Glory Systems for firmware updates or replacement guidance. No official patch instructions available.
🔧 Temporary Workarounds
Network Isolation
Isolate RBW-100 devices on separate VLANs with strict firewall rules preventing external and unnecessary internal access.
Access Control Lists
Implement IP-based access control lists to restrict which systems can connect to the RBW-100 web interface.
🧯 If You Can't Patch
- Deploy network segmentation to isolate RBW-100 devices from untrusted networks
- Implement strict firewall rules allowing only necessary management traffic from authorized IP addresses
🔍 How to Verify
Check if Vulnerable:
Check device firmware version via web interface or console. If running ISP-K05-02 7.0.0, device is vulnerable.
Check Version:
Check web interface system information page or use vendor-specific console commands
Verify Fix Applied:
Attempt to authenticate with known hard-coded credentials. If authentication fails, the fix may be applied.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful admin login
- Admin login from unusual IP addresses
- Configuration changes from unexpected sources
Network Indicators:
- HTTP requests to RBW-100 web interface from external IPs
- Traffic patterns indicating credential brute-forcing
SIEM Query:
source_ip=* AND destination_port=80 AND (uri_contains="/login" OR uri_contains="/admin") AND status_code=200
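The log indicators listed above can be evaluated over access logs from a proxy or firewall placed in front of the device. The following is an added example, not code from the vendor or the original advisory; the log line format, the management subnet `10.20.0.0/28`, the failure status codes and the threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # assumption: authorized admin hosts
WATCHED = ("/login", "/admin")                       # paths from the SIEM query above
FAIL_CODES = {401, 403}                              # assumption: failed auth; 200 = success
FAIL_THRESHOLD = 3                                   # assumption: tune per site

# Constructed sample lines: "<UTC time> <source ip> <method> <uri> <status>"
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 10.20.0.5 POST /login 200
2024-05-01T09:12:40Z 10.20.0.9 POST /login 401
2024-05-01T09:12:44Z 10.20.0.9 POST /login 401
2024-05-01T09:12:49Z 10.20.0.9 POST /login 401
2024-05-01T09:12:55Z 10.20.0.9 POST /login 200
2024-05-01T11:30:02Z 192.0.2.44 POST /login 200
2024-05-01T11:30:10Z 192.0.2.44 GET /admin/config 200
2024-05-01T11:31:00Z 10.20.0.5 GET /status 200
this line is malformed and is skipped
"""

def parse_line(line):
    """Return (time, ip, uri, status) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return parts[0], ipaddress.ip_address(parts[1]), parts[3], int(parts[4])
    except ValueError:
        return None

def detect(log_text):
    """Return (rule, time, source ip, uri) alerts for the page's log indicators."""
    alerts, failures = [], defaultdict(int)
    for when, ip, uri, status in filter(None, map(parse_line, log_text.splitlines())):
        if not uri.startswith(WATCHED):
            continue
        if status in FAIL_CODES:
            failures[ip] += 1
        elif status == 200:
            if not any(ip in net for net in MGMT_NETS):   # admin login from unusual IP
                alerts.append(("unexpected_source", when, str(ip), uri))
            if failures[ip] >= FAIL_THRESHOLD:            # failures followed by success
                alerts.append(("failures_then_success", when, str(ip), uri))
            failures[ip] = 0
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```

Because the credentials are hard-coded, a first-try login produces no failed attempts, so the `unexpected_source` rule is the one that depends on an accurate management allow-list.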