[FD] [CVE-2017-7728] -Denial of Service in iSmartAlarm
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] [CVE-2017-7728] -Denial of Service in iSmartAlarm
- From: Ilia Shnaidman <Ilia.Shnaidman@xxxxxxxxxxxxx>
- Date: Sun, 16 Jul 2017 13:51:01 +0000
[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] Source:
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
Vendor:
=============
iSmartAlarm, inc.
Product:
=============
iSmartAlarm cube - All
iSmartAlarm is one of the leading IoT manufacturers in the domain of smart alarm
systems.
It provides a fully integrated alarm system with siren, smart cameras and locks.
It functions like any alarm system, but with the benefits of a connected
device: alerts pop up on your phone,
offering you full remote control via mobile app wherever you are.
Vulnerability Type:
======================
Denial of Service
CVE Reference:
==============
CVE-2017-7730
Security Issue:
===============
The iSmartAlarm cube is vulnerable to a Denial of Service attack.
A SYN flood on port tcp/12345 freezes the iSmartAlarm cube, and it
stops responding.
The cube stays frozen and non-operational until the flood stops.
During the flood, the user cannot turn the cube on or off, and all of
the cube's functionality is unresponsive.
Attack Vectors:
===============
Sending a SYN flood to port 12345 from inside the LAN disables the cube's
functionality.
PoC:
hping --flood -S -p 12345 <iSmartAlarm's cube ip>
Network Access:
===============
Remote
Severity:
=========
High
Disclosure Timeline:
=====================================
Jan 30, 2017: Initial contact to vendor
Feb 1, 2017: Vendor replied, requesting details
Feb 2, 2017: Disclosure to vendor
Apr 12, 2017: After vendor didn't reply, I approached CERT
Apr 13, 2017: Confirmed receipt by CERT and assigning CVEs
July 05, 2017: Public disclosure
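
Detection example (added here, not part of the original advisory or the vendor's code): a sliding-window counter that flags a burst of bare SYN packets to tcp/12345, the condition described under "Security Issue", from `tcpdump -tt -n` text output. The window length, the threshold and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

CUBE_PORT = 12345      # port named in the advisory
WINDOW_SECONDS = 1.0   # assumption: sliding window length
SYN_THRESHOLD = 100    # assumption: tune to the LAN's normal traffic

# Matches `tcpdump -tt -n` TCP lines, e.g.
# 1500213061.000100 IP 192.168.1.50.40001 > 192.168.1.20.12345: Flags [S], seq 1, win 512, length 0
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def detect_syn_flood(lines, port=CUBE_PORT, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
    """Return [(first_alert_ts, dst_ip, syn_count_in_window)], one entry per burst per destination."""
    recent = defaultdict(deque)   # dst ip -> timestamps of bare SYNs inside the window
    alerting = set()              # destinations currently above the threshold
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["dport"]) != port or m["flags"] != "S":
            continue              # only bare SYNs (not SYN-ACK "S.") to the cube port
        ts, dst = float(m["ts"]), m["dst"]
        q = recent[dst]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop SYNs that fell out of the window
        if len(q) > threshold:
            if dst not in alerting:
                alerting.add(dst)
                alerts.append((ts, dst, len(q)))
        else:
            alerting.discard(dst)
    return alerts

def sample_capture():
    """Constructed capture: 3 normal connections, then 500 SYNs in 0.5 s to 192.168.1.20."""
    fmt = "{:.6f} IP 192.168.1.50.{} > 192.168.1.20.12345: Flags [{}], seq 1, win 512, length 0"
    lines = [fmt.format(1000.0 + i * 10, 40000 + i, "S") for i in range(3)]
    lines += [fmt.format(2000.0 + i * 0.001, 1024 + i, "S") for i in range(500)]
    return lines

if __name__ == "__main__":
    for ts, dst, count in detect_syn_flood(sample_capture()):
        print(f"{ts:.3f} possible SYN flood on {dst}:{CUBE_PORT} ({count} SYNs in {WINDOW_SECONDS}s)")
```

The counter keys on the destination address rather than the source, so a burst spread across many source addresses still crosses the threshold.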