This writeup details multiple vulnerabilities in SedSystems D3 Decimator, including hardcoded credentials, arbitrary file download via a hidden API endpoint, and arbitrary code execution through a flawed firmware update mechanism. The analysis includes technical specifics such as API interactions, firmware reverse engineering, and exploit steps.
Classification
Writeup 95%
Attack Type
Rce | Auth Bypass | Info Leak
Target:
SedSystems D3 Decimator (firmware versions up to at least 3.0.12-1)
Auth required
Prerequisites:
Network access to TCP port 9784 · Default admin credentials (admin/admin) · Ability to upload a crafted tarball