Critical Vulnerabilities In Dell Wyse Thin Clients Permit Code Execution And Client Takeovers

The vulnerabilities have a severity rating of 10 on a scale from 1 to 10 based on the ease of exploitation.

Dell has patched two critical security flaws in its Dell Wyse Thin Client Devices, which are optimized for connecting to a remote desktop. The vulnerabilities allow arbitrary code execution and access to files and credentials, according to researchers.

Thin clients are less intelligent terminals that connect to applications hosted on a remote computer. They lack the processing power and intelligence of conventional PCs. In environments where employers restrict access to a subset of applications or resources, or for remote workers to connect back to headquarters, VPNs are frequently employed.

Since the 1990s, Wyse has been developing thin clients, and in 2012, Dell acquired the company. According to CyberMDX researchers, more than 6,000 companies and organizations in the United States use Dell Wyse thin clients within their network, with many of these (but not all) being healthcare providers.

Uncertainty surrounds the number of potentially affected devices, but Dell has previously stated that “millions” of Dell Wyse Thin Clients are deployed within organizations.

The devices utilize ThinOS, which is maintained remotely by default using a local File Transfer Protocol (FTP) server, from which the devices retrieve new firmware, packages, and configurations.

The first flaw (CVE-2020-29491), discovered by researchers, stems from the fact that Wyse Thin Client devices periodically poll the server to retrieve their most recent configurations. They do this without authentication. The problem is that “the configuration for all thin clients is located on a remote server, which is accessible to anyone on the network,” Luz, CyberMDX’s head of research, told Threatpost. “Meaning that a third party in the network could potentially compromise a device by simply reading its configuration files. This is because configuration files may contain credentials for various remote access methods.”

The second vulnerability (CVE-2020-29492) exists because the server that stores these configurations allows read-and-write access to its configuration files, allowing anyone on the network to read and modify them via FTP.

“The second vulnerability is the more egregiously dangerous of the two because it allows those files to be written, allowing for their modification,” Luz explained. “Although they may sound similar, they are treated as separate issues because resolving one does not resolve the other.”

Together, the flaws pave the way for chaos and are sadly easy to exploit.

“One of the primary reasons why this vulnerability is so serious is that its attack complexity is so simple,” Luz explained. “Uploading a modified text configuration file via FTP to a configuration server is sufficient. No authentication is required for the thin client; the only possible authentication is with the FTP server (for the configuration upload), but by default, it is installed without credentials.”

Even if credentials were applied, they would be the same for an organization’s entire Wyse fleet, which would be an insecure method, he noted.

To carry out the attacks, attackers must gain access to the organization’s network, which they can do through an initial-access attack via email or by exploiting another vulnerability.

INI File Modifications

The ability to modify the INI file containing configuration settings for thin-client devices is one of the most alarming outcomes of an attack, according to a CyberMDX blog post published on Monday.

According to the company, the INI files contain a long list of configurable parameters. Reading or modifying these parameters enables numerous attack scenarios, such as configuring and enabling virtual network computing (VNC) for full remote control, leaking remote-desktop credentials, and manipulating DNS results.

“As an example, these devices can be configured to permit VNC (a type of remote desktop control), credentials can be set, and the user prompt can be disabled,” Luz told Threatpost. “If a malicious actor uses the VNC configuration within the INI file, they will be able to access every desktop session from every thin client. This will give them the ability to remotely access files and execute arbitrary code on remote desktops. It is comparable to having unlimited access to an organization’s fleet of desktop computers.”

Both vulnerabilities received CVSS severity scores of 10 out of 10.

During the design phase of these devices, security is frequently neglected, according to Luz.

Affected are all Dell Wyse Thin Clients running ThinOS versions 8.6 and lower. Dell has released a patch; administrators should update to version 9.x as soon as possible. Others might require a workaround.

“Other models should apply different mitigation and possibly wait for a newer release of ThinOS 8.x (which could be released this week),” Luz explained.
