[EAS] Viavi EASyCAP -- Risks of Internet exposure in US

Shawn Merdinger shawnmer at gmail.com
Sat Apr 4 11:57:06 CDT 2020


Friday, 3 April 2020

This is addressed to the Broadcast Engineering Community.

Per Shodan, there are a number of Viavi EASyCAP admin logins
accessible to the public Internet on TCP/80 and TCP/443.

This exposure increases the risk of brute force login attempts and
potential impact to the device under repeated Internet attacks.

A recent attack on a Viavi EASyCAP device took place in Washington
State, resulting in a false radiological threat sent to 3000+ WAVE
Broadband customers.  The Shodan record of that WAVE Broadband
compromised device and the exposure is here:
https://beta.shodan.io/host/66.235.63.36/history

News of WAVE Broadband attack:
https://www.kiro7.com/news/local/false-alert-indicating-radiological-incident-appeared-tv-jefferson-county/KJI2SNVTZBE6DAOMYWFOQK47SM/

Having these devices' admin interface exposed to the public Internet
is exceedingly risky.

For security hardening, please refer to the vendor and also to SBE.org
EAS security notes:  https://www.sbe.org/sections/news/EASsecurity.php

Issue #1:  90 Viavi EASyCAP logins via HTTP (port 80, no encryption).

Shodan search:
https://www.shodan.io/search?query=title%3Aeasycap+port%3A%2280%22

Shodan pages for each host:


Issue #2:  97 Viavi EASyCAP logins via HTTPS (port 443 exposed to the public Internet).

Shodan search:
https://www.shodan.io/search?query=title%3Aeasycap+port%3A%22443%22

Shodan pages for each host:


--scm
Security Researcher


