Category: Advisories

  • Advisory: WeChat Deprecated Portal Login

    WeChat disabled the portal login function for their WiFi on 19 Aug 2019, due to tightened security restrictions in iOS 13 and Android Q. With this change, ANTlabs’ WeChat direct login will not work anymore. Our Engineering Team is still analyzing whether there is a replacement for this. This advisory shall be updated as soon […]

  • Advisory: Slow Captive Portals on iOS

    Publication Date: 7 July 2019 Last Updated: 27 August 2019 It has come to our attention that some users have been experiencing a delay in loading captive portals on Apple devices. The said delay sometimes takes up to a minute. This behavior has been observed on devices that are on iOS 12. It was also observed […]

  • Advisory: Root privilege escalation from authenticated local console account vulnerability

    Publication Date: 1 Sep 2018 Last Updated: 5 Sep 2018 Description We are aware of a security vulnerability where a local console account user can perform root privilege escalation. Impact This is a medium-severity security vulnerability as a local authenticated non-privileged console user can gain root privilege access to the gateway. If remote shell access […]

  • Advisory: Captive Portal Redirection for HTTPS Websites

    What to do when users get browser and smartphone security warnings when connecting to your network ANTlabs gateways have a unique feature that can redirect HTTPS web requests to the captive portal or landing page. This feature was very useful earlier in comparison to other competitors that can only redirect HTTP web requests, thus enhancing […]

  • Advisory: Intel Spectre and Meltdown

    Publication Date: 10th Jan 2018 Last Updated: 19th Jan 2018 Version 1.04: Interim Description On 3rd January 2018, 3 vulnerabilities were disclosed for Intel microprocessors that could allow an attacker that has local access to a server to read privileged information belonging to other processes or the operating system by installing and executing a malicious […]

  • Advisory: Fidelio Opera Ignoring DB Sync Request from ANTlabs Gateways

    Publication Date: 17 November 2016 Description There is a PMS default setting on the Fidelio Opera system which specifies that the PMS will ignore DB sync request less than 60s. With this default setting configured, the Opera PMS will ignore all DB sync requests that it receives from our gateway within 60s of establishing connection. This […]

  • Advisory: DROWN Vulnerability (CVE-2016-0800)

    Publication Date: 7 March 2016 Updated: 15 March 2016 Description A vulnerability that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. Traffic between clients and non-vulnerable servers can be decrypted if another server supporting SSLv2 and EXPORT ciphers shares the […]

  • Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-2015-2849 and CVE-2015-2850)

    Publication Date: 06 Jul 2015 Description SQL Injection Vulnerability A vulnerability which allows a user to perform queries on the underlying datastore via the ppli URL parameter of the default login page main.ant; CVE-2015-2849 Cross-Site Scripting Vulnerability A reflected cross-site scripting vulnerability exists in the msg URL parameter of the admin login page index-login.ant; CVE-2015-2850 Impact A remote […]

  • Advisory: Rsync remote file system access vulnerability CVE-2015-0932

    Security Advisory Publication Date: 26 March 2015 Description An incorrect rsync configuration on certain models of our gateway products allows an external system to obtain unrestricted remote read/write file access. Impact A remote unauthenticated user with unrestricted access to the rsync port to affected gateway products may be allowed full read/write access to the file […]

  • UPDATE on Vulnerability CVE-2015-0932

    We would like to proactively inform you about a zero-day vulnerability found with some of our InnGate HSIA gateways. We also would like to update you that a fix for the vulnerability is already available since 26 Mar 2015 and that we are actively working with our partners to patch your InnGate to secure it. […]