A dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files. The vulnerabilities (tracked as CVE-2020-29492) are in components of ThinOS, the operating system on Dell’s thin clients. Researchers at CyberMDX, a company focusing on cybersecurity in the healthcare sector, found that FTP access is possible with no credentials, using “anonymous”” user. Only the firmware and packages are signed
Source: security

