Carve Systems consultants performed, and continue to perform, research on a number of IoT devices. The Carve Systems team coordiantes its disclosure with vendors when at all possible. This advisory concerns SysLINK M2M Modular Gateway. The consultants discovered numerous security findings and disclosed these findings to the vendor.

This advisory covers three CVEs:

Full details can be found via our CERT/CC advisory VU#822980


Systech: VU#822980 [Public on 4/22/16]

Disclosure Timeline

  • 5/6/15 Reported to CERT/CC
  • 5/11/15 Received response from US CERT asking us to contact the vendor directly
  • 5/12/15 Emailed vendor directly
  • 3/4/16 CERT/CC assigns CVEs (CVE-2016-2331, CVE-2016-2332, CVE-2016-2333)
  • 3/24/16 Systech confirms fixes; ships new unit to Carve for testing
  • 4/22/16 CERT/CC publishes