Security News > 2020 > December > Critical bugs in Dell Wyse ThinOS allow thin client take over
Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files.
It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.
The vulnerabilities are in components of ThinOS, the operating system on Dell Wyse thin clients.
"Since there are no credentials, essentially anyone on the network can access the FTP server and modify that INI file holding configuration for the thin client devices"- Elad Luz.
One scenario an attacker could leverage these vulnerabilities is to read or modify parameters in the configuration file that would give them remote control over the thin device.