Security News > 2020 > December > Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks

Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices.

Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.

CyberMDX researchers noticed that the local FTP server used by Wyse Thin Client devices to obtain new firmware, packages and configurations is, by default, accessible without credentials, allowing anyone on the network to access it.

An attacker could access an INI file stored on this server that contains configuration data for thin client devices and make modifications to that file.

Dell informed customers that the vulnerabilities impact Wyse 3040, 5010, 5040, 5060, 5070, 5470 and 7010 thin client devices running ThinOS 8.6 and prior.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/-0GxLfGYbfQ/critical-vulnerabilities-expose-dell-wyse-thin-client-devices-attacks