CVE-2021-29255

7.5 HIGH

📋 TL;DR

MicroSeven MYM71080i-B devices transmit admin credentials in cleartext to a remote server, allowing attackers on the same network to intercept and capture these credentials. This affects all users of MicroSeven MYM71080i-B devices running vulnerable firmware versions.

💻 Affected Systems

Products:
  • MicroSeven MYM71080i-B
Versions: 2.0.5 through 2.0.20
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configuration are vulnerable when connected to a network

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the device, potentially compromising the entire surveillance system, accessing live feeds, modifying settings, or using the device as a foothold for further network attacks.

🟠 Likely Case

Attackers capture admin credentials and gain unauthorized access to the surveillance system, potentially viewing or manipulating camera feeds and device settings.

🟢 If Mitigated

With proper network segmentation and monitoring, credential capture can be detected and prevented before exploitation occurs.

🌐 Internet-Facing: LOW (The vulnerability involves local network traffic to a specific external server, not direct internet exposure of the device itself)
🏢 Internal Only: HIGH (Attackers must be on the same network, but once there, credential capture is straightforward)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access but no authentication; simple packet capture tools can intercept credentials

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.0.20

Vendor Advisory: https://blog.microseven.com

Restart Required: Yes

Instructions:

1. Log into device admin interface
2. Navigate to firmware update section
3. Download and install firmware version newer than 2.0.20
4. Reboot device after installation

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate MicroSeven devices on a separate VLAN to prevent credential capture from general network traffic.

Firewall Block (linux)

Block outbound connections to pnp.microseven.com TCP port 7007 at the network perimeter. On a Linux gateway the camera's traffic passes through the FORWARD chain (OUTPUT only covers connections originated by the gateway itself), and iptables resolves the hostname once at rule-insertion time, so re-apply the rule if the record changes:

# Run on the perimeter gateway; traffic forwarded for other hosts is matched in FORWARD, not OUTPUT
iptables -A FORWARD -p tcp --dport 7007 -d pnp.microseven.com -j DROP

🧯 If You Can't Patch

  • Physically isolate device network from untrusted systems
  • Implement strict network monitoring for traffic to pnp.microseven.com:7007

🔍 How to Verify

Check if Vulnerable:

Use network monitoring tools (Wireshark, tcpdump) to capture traffic from device and check for cleartext credentials sent to pnp.microseven.com:7007

Check Version:

Check firmware version in device web interface under System Information

Verify Fix Applied:

After patching, verify no cleartext credentials are transmitted to pnp.microseven.com:7007 using network monitoring

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts from unexpected IPs
  • Configuration changes from unknown sources

Network Indicators:

  • Outbound connections to pnp.microseven.com:7007 containing credential strings
  • Unusual admin login patterns

SIEM Query:

(destination_host='pnp.microseven.com' OR destination_ip='<resolved address of pnp.microseven.com>') AND destination_port=7007 AND protocol='TCP'

Flow and firewall logs usually record the resolved IP address rather than the hostname, so correlate the address(es) pnp.microseven.com resolves to (from DNS logs) with the destination_ip field.
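The network indicator above keys on a hostname, but flow logs carry IP addresses, so a practical detector first learns which address(es) pnp.microseven.com resolved to from DNS logs and then flags TCP flows to those addresses on port 7007. The script below is an added example written for this advisory, not code from the page or from MicroSeven; it assumes Zeek-style tab-separated dns.log and conn.log field order, and every log line, the sample address 203.0.113.10 and the camera VLAN 192.168.50.0/24 are constructed sample data.

```python
"""Flag camera traffic to pnp.microseven.com:7007 in flow logs (CVE-2021-29255).

Added example, not from the original advisory. Assumptions: Zeek-style
tab-separated field order for dns.log (ts, uid, orig_h, orig_p, resp_h,
resp_p, query, answer) and conn.log (ts, uid, orig_h, orig_p, resp_h,
resp_p, proto). All sample log lines below are constructed.
"""
from ipaddress import ip_address, ip_network

PNP_HOST = "pnp.microseven.com"
PNP_PORT = 7007
CAMERA_SUBNET = ip_network("192.168.50.0/24")  # assumed camera VLAN

# Constructed DNS answers; 203.0.113.10 is a documentation-range sample address.
SAMPLE_DNS_LOG = """\
1617000000.1\tCd1\t192.168.50.20\t5353\t192.168.50.1\t53\tpnp.microseven.com\t203.0.113.10
1617000001.2\tCd2\t192.168.50.20\t5354\t192.168.50.1\t53\tupdates.example.net\t198.51.100.7
"""

# Constructed flows: C1 and C3 are cameras talking to the PnP server on 7007,
# C2 is unrelated HTTPS, C4 comes from outside the camera VLAN, C5 is UDP.
SAMPLE_CONN_LOG = """\
1617000002.0\tC1\t192.168.50.20\t40001\t203.0.113.10\t7007\ttcp
1617000003.0\tC2\t192.168.50.20\t40002\t198.51.100.7\t443\ttcp
1617000004.0\tC3\t192.168.50.21\t40003\t203.0.113.10\t7007\ttcp
1617000005.0\tC4\t192.168.10.5\t40004\t203.0.113.10\t7007\ttcp
1617000006.0\tC5\t192.168.50.20\t40005\t203.0.113.10\t7007\tudp
"""


def learn_pnp_addresses(dns_log: str, hostname: str = PNP_HOST) -> set:
    """Return the set of addresses the DNS log shows `hostname` resolving to."""
    addrs = set()
    for line in dns_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 8:
            continue  # malformed or truncated record
        query, answer = fields[6], fields[7]
        if query.lower() == hostname and answer != "-":
            addrs.add(ip_address(answer))
    return addrs


def flag_pnp_connections(conn_log: str, pnp_addrs: set,
                         camera_subnet=CAMERA_SUBNET) -> list:
    """Return TCP flows to a known PnP address on port 7007.

    Each hit records whether the source sits in the camera VLAN; a hit from
    elsewhere points at an unregistered camera or a segmentation gap.
    """
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
        if proto.lower() != "tcp" or int(resp_p) != PNP_PORT:
            continue
        if ip_address(resp_h) not in pnp_addrs:
            continue
        hits.append({
            "uid": uid,
            "src": orig_h,
            "dst": f"{resp_h}:{resp_p}",
            "from_camera_vlan": ip_address(orig_h) in camera_subnet,
        })
    return hits


def run_sample() -> list:
    """Run the detector over the constructed sample logs."""
    return flag_pnp_connections(SAMPLE_CONN_LOG, learn_pnp_addresses(SAMPLE_DNS_LOG))


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

Feed real dns.log and conn.log exports in place of the constructed strings; after patching, the same run should return no hits for the cameras, which doubles as the "Verify Fix Applied" check.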
