
Security Flaws in NetFax Server to Remain Unpatched

By Netvora Tech News


A Taiwanese company, MICI Network, has decided not to patch security vulnerabilities in its NetFax server, despite the potential for hackers to gain remote access to the system. The server, which allows users to receive fax messages in their email inbox, contains three critical flaws that can be exploited to execute malicious code.

Severe Impact Score

The first vulnerability has an impact score of 9.4 out of 10, making it a severe threat to system security. The server discloses the default administrator login credentials in response to a GET request, allowing attackers to access the system without authentication.

Unencrypted Passwords

The second vulnerability is the storage of the SMTP password in plaintext, which can be accessed via a GET request. This means that attackers can easily obtain the password and use it to send malicious emails.

Command Injection Possible

The third and most critical vulnerability allows for command injection, which can lead to remote code execution. This means that an attacker can execute arbitrary commands on the server, giving them full control over the system.

Rapid7's Discovery

Security firm Rapid7 discovered the vulnerabilities and notified the Taiwanese Computer Emergency Response Team (TWCERT) to coordinate with MICI Network. However, the company refused to patch the flaws, saying that customers should not make the server accessible from the internet.

Risks and Recommendations

Rapid7 found 34 NetFax servers accessible from the internet and warns that even servers on local networks are vulnerable to exploitation. The company advises organizations to restrict access to NetFax servers only to necessary internal networks and to change default login credentials.

No Patch in Sight

With no patch in sight, organizations that use NetFax servers are advised to take immediate action to secure their systems. The lack of patching from MICI Network highlights the importance of vigilance in cybersecurity and the need for organizations to take proactive measures to protect themselves from potential threats.
