Owning Big Brother: How to Crack into Axis IP cameras

2007.10.05
Credit: Procheckup
Risk: Low
Local: No
Remote: Yes
CWE: N/A

The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-) . Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever! In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43): System-wide Cross-site Request Forgeries (CSRF) ? any admin action can be forged by design! Non-persistent Cross-site Scripting (XSS) on 404 error pages Persistent cross-site Scripting (XSS) on the network settings page Persistent cross-site Scripting (XSS) on the video viewing page Persistent cross-site Scripting (XSS) on the logs viewing facility For more info please see: http://www.procheckup.com/Vulnerability_2007.php


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top