Security researchers at CyberMDX disclosed two vulnerabilities in Dell Wyse thin client devices running ThinOS.
Dell Wyse Thin Clients
Wyse has been developing thin clients since the 1990s and was acquired by Dell in 2012.
Vulnerability Summary:
Dell Wyse ThinOS 8.6 and earlier is prone to insecure default configuration vulnerabilities. An unauthenticated remote attacker can exploit them to access the INI configuration files that a thin client fetches from its file server, including a writable file that can be used to manipulate the configuration of a specific thin client.
The INI files contain a long list of configurable parameters, so reading or altering them opens the door to a variety of attack scenarios. Scenarios to be aware of include configuring and enabling VNC for full remote control of the client, leaking remote desktop credentials, and manipulating DNS results.
| Model | Affected Versions |
| --- | --- |
| Wyse 3020 | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
| Wyse 3030 LT | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
| Wyse 3040 | All versions up to ThinOS 8.6 |
| Wyse 5010 | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
| Wyse 5040 AIO | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
| Wyse 5060 | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
| Wyse 5070 | All versions up to ThinOS 8.6 |
| Wyse 5070 Extended | All versions up to ThinOS 8.6 |
| Wyse 5470 | All versions up to ThinOS 8.6 |
| Wyse 5470 AIO | All versions up to ThinOS 8.6 |
| Wyse 7010 | All versions up to ThinOS 8.6 (8.6 is currently the latest for this model) |
CVE-2020-29491
| Risk Level: | CVSS 3.x base score 10.0 (the maximum). Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported: | June 2020 |
| CISA Advisory date: | December 21, 2020 |
CVE-2020-29492
| Risk Level: | CVSS 3.x base score 10.0 (the maximum). Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Date Reported: | June 2020 |
| CISA Advisory date: | December 21, 2020 |
Security Recommendations:
According to the CyberMDX Research Team:
If your device cannot be upgraded to ThinOS 9.x, disable the use of FTP for obtaining the vulnerable INI files.
On the ThinOS client desktop
Navigate to System Setup > Central Configuration > General.
Remove any FTP settings present. Where remote management is required, use another method: an HTTPS server or Wyse Management Suite.
Note: Information on configuring those can be found on Dell's website.
On your DHCP server
Dell Wyse uses DHCP option tags 161 (file server) and 162 (root path) to point the ThinOS client at its configuration server and path.
Make sure your DHCP server does not hand those values back as the FTP server: the client re-reads them on every DHCP interaction, so a client whose FTP settings were removed locally would otherwise be pointed at the FTP server again on its next lease.
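The following Python script is an added example for this write-up, not CyberMDX's tooling or Dell's code. It covers both the DHCP hand-off just described and the writable-INI exposure from the vulnerability summary: it parses the options field of a DHCP OFFER/ACK (constructed inline, so it runs offline), flags an option 161 that still hands clients an FTP file server, and includes a live `ftplib` probe that checks whether the file server accepts an anonymous login and an upload into the directory the client reads its INI files from. The option codes 161 and 162 come from the text above; the `wnos/wnos.ini` path, the `/wyse` root and the treatment of a scheme-less option 161 as FTP are assumptions about ThinOS 8.x behaviour, not statements from the advisory.

```python
"""Audit the DHCP hand-off that points Dell Wyse ThinOS clients at their
configuration file server (option 161 = file server, option 162 = root path).

Added example, not CyberMDX's or Dell's code. Assumptions not stated in the
advisory: ThinOS reads <root>/wnos/wnos.ini, the usual root is /wyse, and a
scheme-less option 161 is treated as FTP on ThinOS 8.x.
"""
from ftplib import FTP, error_perm
from io import BytesIO

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2132 cookie that starts the options field
OPT_MSG_TYPE = 53
OPT_FILE_SERVER = 161                # Dell Wyse: file server (host or URL)
OPT_ROOT_PATH = 162                  # Dell Wyse: root path holding wnos/wnos.ini
OPT_PAD, OPT_END = 0, 255


def parse_dhcp_options(blob: bytes) -> dict:
    """Parse a DHCP options field into {code: value}. Repeated codes are
    concatenated (RFC 3396), pad bytes are skipped, and a truncated option or a
    missing cookie raises ValueError instead of yielding partial data."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("options field does not start with the DHCP magic cookie")
    opts, i = {}, len(MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return opts
        if i + 2 > len(blob):
            raise ValueError(f"option {code} truncated before its length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated: wanted {length} bytes, got {len(value)}")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    raise ValueError("options field has no END (255) marker")


def build_options(msg_type: int, file_server: str, root_path: str) -> bytes:
    """Encode an options field the way a DHCP server sends it. Used here only
    to construct sample OFFER/ACK payloads for the offline demo."""
    def tlv(code: int, value: bytes) -> bytes:
        if len(value) > 255:
            raise ValueError("option value longer than one TLV")
        return bytes([code, len(value)]) + value
    return (MAGIC_COOKIE
            + tlv(OPT_MSG_TYPE, bytes([msg_type]))
            + tlv(OPT_FILE_SERVER, file_server.encode("ascii"))
            + tlv(OPT_ROOT_PATH, root_path.encode("ascii"))
            + bytes([OPT_END]))


def assess_file_server(opts: dict) -> list:
    """Return findings for the 161/162 values; an empty list means the DHCP
    hand-off itself does not push the client back onto FTP."""
    findings = []
    server = opts.get(OPT_FILE_SERVER, b"").decode("ascii", "replace").strip()
    root = opts.get(OPT_ROOT_PATH, b"").decode("ascii", "replace").strip() or "/"
    if not server:
        return findings                       # DHCP is not pointing the client anywhere
    scheme, sep, _host = server.partition("://")
    scheme = scheme.lower() if sep else ""    # assumption: no scheme means FTP on ThinOS 8.x
    if scheme in ("", "ftp"):
        findings.append(f"HIGH: option 161={server!r} option 162={root!r}: client will fetch "
                        f"{root.rstrip('/')}/wnos/wnos.ini over FTP; any FTP settings removed "
                        "on the client are reinstated on every lease renewal")
    elif scheme == "http":
        findings.append(f"MEDIUM: option 161={server!r}: INI files fetched over plaintext HTTP "
                        "can be tampered with in transit; use https:// or Wyse Management Suite")
    return findings


def probe_ftp_anonymous_write(host: str, root_path: str = "/wyse", timeout: float = 5.0) -> dict:
    """Live check (not run by the offline demo): does the file server accept an
    anonymous login, list <root>/wnos, and accept an upload there? A successful
    upload is the exposure described above: anyone who can reach the server can
    plant or alter INI files. The probe file is deleted afterwards."""
    result = {"anonymous_login": False, "list_wnos": False, "write": False}
    ftp = FTP(timeout=timeout)
    try:
        ftp.connect(host, 21)
        ftp.login()                                      # anonymous login
        result["anonymous_login"] = True
        ftp.cwd(root_path.rstrip("/") + "/wnos")
        ftp.nlst()
        result["list_wnos"] = True
        ftp.storbinary("STOR zz_ftp_audit_probe.txt", BytesIO(b"audit probe\n"))
        result["write"] = True
        ftp.delete("zz_ftp_audit_probe.txt")
    except (OSError, error_perm):
        pass                                             # whatever step failed stays False
    finally:
        try:
            ftp.quit()
        except Exception:
            pass
    return result


def demo() -> dict:
    """Constructed sample: the weak DHCP hand-off beside the corrected one."""
    weak = build_options(2, "ftp://192.0.2.10", "/wyse")               # constructed OFFER
    fixed = build_options(2, "https://cfg.example.internal", "/wyse")  # constructed OFFER
    return {"weak": assess_file_server(parse_dhcp_options(weak)),
            "fixed": assess_file_server(parse_dhcp_options(fixed))}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["OK: DHCP does not hand out an FTP/HTTP file server"])
```

Feed `parse_dhcp_options` the options field captured from your own DHCP server's OFFER or ACK (everything from the magic cookie onward) to confirm the 161/162 values after you change them; run `probe_ftp_anonymous_write` against the old file server only with authorization, and treat a `write: True` result as confirmation that the INI files are still exposed to anyone on the network.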