Skip to main content

WAVE Sync: Vulnerability - Server Spoofing

  • Updated

Applies to:  WAVE Sync

Summary:

This is to inform you of a security vulnerability we have identified in our Cloud service.

Potential Impact:  If exploited, an attacker could perform a Man in the Middle attack and hijack the victim’s access to their VMS server

Upon discovering the vulnerability, our security team has: 

  • Promptly initiated a thorough investigation
  • Engaged with cybersecurity experts to enhance our security measures moving forward.  During our investigation, we have not found any evidence of this vulnerability being exploited yet.  Vulnerability exploitation is relatively hard and demands multiple prerequisites, yet still we recommend performing certain actions.

Resolution:

Fix:

  • Developed and tested a security fix to address the vulnerability.
  • This fix was deployed to WAVE Sync on September 27, 2023.

Recommended Action for Customers:

  • If you are using Wave Sync, we strongly urge you to change the VMS server owner’s (user “admin”) local password for added precaution. 
  • Perform users and permissions review. 

Support and Assistance:

Should you encounter any issues or require assistance with the update, please reach out to our dedicated support team at our Hanwha Support Portal

 

Related articles