systech 2016 advisory

April 2016 Systech Advisory


Carve Systems consultants have performed, and continue to perform, research on a number of IoT devices. The Carve Systems team coordinates its disclosure with vendors whenever possible. This advisory concerns the SysLINK M2M Modular Gateway. The consultants identified numerous security issues and disclosed them to the vendor.
 

Systech: VU#822980 [Public on 4/22/16]

Disclosure Timeline

  • 5/6/15 Reported to CERT/CC
  • 5/11/15 Received response from US CERT asking us to contact the vendor directly
  • 5/12/15 Emailed vendor directly
  • 3/4/16 CERT/CC assigns CVEs (CVE-2016-2331, CVE-2016-2332, CVE-2016-2333)
  • 3/24/16 Systech confirms fixes; ships new unit to Carve for testing
  • 4/22/16 CERT/CC publishes http://www.kb.cert.org/vuls/id/822980