Cythera Cyber Security

Kramer VIA GO

Cythera identified several critical vulnerabilities in Kramer VIA GO devices, enabling unauthenticated attackers to execute remote code. These issues may extend to other Kramer devices as well.

Introduction

Kramer VIA GO devices were impacted by several serious vulnerabilities. When chained with an older privilege escalation flaw caused by misconfigured sudo rules (CVE-2021-35064), these issues enabled complete unauthenticated takeover of a device. The identified CVEs include:

  • CVE-2023-33507: Unauthenticated arbitrary file read
  • CVE-2023-33508: Unauthenticated file upload leading to remote code execution (RCE)
  • CVE-2023-33509: Unauthenticated SQL injection (Squeely)

The vulnerability

Using default credentials (su:supass), Cythera identified a vulnerability where an attacker could upload a file with a .php extension disguised as a font. Due to a lack of content validation, this file was accepted and written to disk. Once its location was identified, accessing the file directly in a browser allowed the execution of arbitrary PHP code on the server, giving the attacker control over the system. The team was able to extract the full PHP codebase and review available handlers, uncovering three high-severity issues. Further analysis of the latest firmware version (4.0.1.1326) showed that these handlers were excluded, but concerns remained due to scripts such as runpkg.sh still allowing risky commands during updates.

What is a Kramer VIA GO²?

Kramer VIA GO² is a wireless presentation system supporting 4K output and seamless connectivity for users on iOS, Android, Chromebook, PC, and Mac. The updated VIA 4.0 platform offers an intuitive, user-friendly interface that simplifies the connection process. All users, including guests, can connect easily and securely, with sessions automatically ending upon disconnection.

Security Vulnerabilities Overview

During testing of a device using default credentials (su:supass), it was discovered that the system allowed files with arbitrary extensions to be uploaded—including PHP scripts disguised as fonts. Once the file path was identified, the script could be executed via a browser, resulting in remote code execution (RCE). This access enabled extraction of the web application’s PHP source code, which had been obfuscated using ionCube. However, this protection was bypassed using freely available online tools.
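The validation the font upload lacked, as an added example (Python for illustration, not Kramer's PHP code or Cythera's tooling). The function names and the set of accepted font formats are assumptions.

```python
import os
import secrets

# Leading bytes of the font formats this example accepts.
FONT_MAGIC = {
    ".ttf": (b"\x00\x01\x00\x00", b"true"),
    ".otf": (b"OTTO",),
    ".woff": (b"wOFF",),
    ".woff2": (b"wOF2",),
}


def store_name_for_font(client_filename: str, data: bytes) -> str:
    """Validate an uploaded font; return a server-generated storage name.

    Raises ValueError when the upload is not an acceptable font.
    """
    # Only the final extension counts, so "font.ttf.php" is seen as ".php".
    base = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in FONT_MAGIC:
        raise ValueError(f"extension {ext!r} is not an allowed font type")
    # Content check: the header must match the claimed format.
    if not data.startswith(FONT_MAGIC[ext]):
        raise ValueError("content does not start with a font header")
    # A header check alone proves little about the rest of the file, so the
    # stored name is random and keeps only the allowlisted extension. The
    # caller should write it to a directory the web server never executes.
    return secrets.token_hex(16) + ext


def check(client_filename: str, data: bytes) -> str:
    """Return the storage name, or 'rejected: <reason>' for a refused upload."""
    try:
        return store_name_for_font(client_filename, data)
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed sample uploads.
    ttf = b"\x00\x01\x00\x00" + bytes(32)
    php = b"<?php /* placeholder */ ?>"
    for name, body in [("Brand.TTF", ttf), ("font.php", php),
                       ("font.ttf.php", ttf), ("font.ttf", php)]:
        print(name, "->", check(name, body))
```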

Three critical vulnerabilities were found by reviewing available handler endpoints. While this review was limited, it is likely that additional issues remain in the codebase.

An audit of firmware version 4.0.1.1326 confirmed that the vulnerable handlers had been removed. The firmware’s update script (runpkg.sh) included commands to delete specific vulnerable files. Although the firmware was password protected, the decryption password was readily available within the source code.

Proofs of Concept

CVE-2023-33507 – Unauthenticated File Read
An unauthenticated user could retrieve the contents of sensitive files, such as /etc/passwd, by manipulating the downloadRecording.php endpoint.

CVE-2023-33509 – Unauthenticated SQL Injection
SQL injection was possible via the downloadMedia.php endpoint. Attackers could manipulate query parameters to extract data or read files such as /etc/passwd through crafted SQL statements.

CVE-2023-33508 – Unauthenticated Remote Code Execution via File Upload
The endpoint UploadWallpaper.php accepted unauthenticated file uploads. If it returned a prompt asking for an image to upload, it was likely exploitable. A PHP shell could be uploaded and accessed remotely, allowing full control over the device.
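
For defenders reviewing a device's web access logs, the following added example (not part of Cythera's advisory) flags requests to the three handlers named above. It assumes the common/combined access-log format; the query-string markers are generic heuristics, and the sample lines, the `/app/` path and the `x` parameter are constructed placeholders.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Handler names taken from the advisory; all three answered without a login.
HANDLERS = {
    "downloadrecording.php": "CVE-2023-33507 file read",
    "downloadmedia.php": "CVE-2023-33509 SQL injection",
    "uploadwallpaper.php": "CVE-2023-33508 file upload",
}
# Generic markers looked for in the decoded query string (assumed heuristics).
SUSPICIOUS = re.compile(r"\.\./|/etc/passwd|union\s+select|load_file\s*\(", re.I)
# Client, method, request target and status of a common/combined log line.
REQUEST = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) [^"]*" (\d{3})')


def triage(lines):
    """Return (client, cve_label, status, payload_flag) for each handler hit."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        name = url.path.rsplit("/", 1)[-1].lower()
        if name not in HANDLERS:
            continue
        query = unquote_plus(unquote_plus(url.query))  # undo double encoding
        hits.append((client, HANDLERS[name], int(status),
                     bool(SUSPICIOUS.search(query))))
    return hits


# Constructed sample lines; "/app/" and the "x" parameter are placeholders,
# the advisory does not give the real paths or parameter names.
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2023:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2023:10:00:05 +0000] "GET /app/downloadRecording.php?x=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [01/Mar/2023:10:02:11 +0000] "POST /app/UploadWallpaper.php HTTP/1.1" 200 64',
    '203.0.113.9 - - [02/Apr/2023:08:15:40 +0000] "GET /app/downloadMedia.php?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Because the patched firmware removes these handlers, any status other than 404 on one of them after the update is worth investigating, whether or not the payload flag is set.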

Potential Impact

These vulnerabilities allow attackers to take full control of the device through remote code execution or by collecting user credentials via embedded components.

Remediation

Update to firmware version 4.0.1.1326 or later, ensuring the system is first upgraded to version 4.0.

Disclosure Timeline

  • 21 February 2023 – Reported to CERT
  • 9 March 2023 – Vendor acknowledged the issue
  • 17 March 2023 – Vendor released patched firmware; vulnerable endpoints confirmed removed
  • 31 May 2023 – CVEs officially assigned

