Security News > 2020 > December > Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks
Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices.
Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.
CyberMDX researchers noticed that the local FTP server used by Wyse Thin Client devices to obtain new firmware, packages and configurations is, by default, accessible without credentials, allowing anyone on the network to access it.
An attacker could access an INI file stored on this server that contains configuration data for thin client devices and make modifications to that file.
Dell informed customers that the vulnerabilities impact Wyse 3040, 5010, 5040, 5060, 5070, 5470 and 7010 thin client devices running ThinOS 8.6 and prior.
News URL
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)