Lorex LNC116 / LNC104 IP Camera Authentication Bypass

2013.02.06
Credit: Jason Doyle
Risk: High
Local: No
Remote: Yes
CVE: CVE-2012-6451
CWE: CWE-287


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Product: Lorex LNC116 and LNC104 IP Cameras Vendor: LOREX Technology Inc. Vulnerability Type: Authentication Bypass Vulnerable Firmware Version(s): 030312 and earlier Tested Firmware Version: 030312 Fixed Firmware Version: 030405 Solution Status: Fixed by Vendor Vendor Notification: December 22, 2012 Public Disclosure: February 5, 2013 CVE Reference: CVE-2012-6451 Credit: Jason Doyle / Twitter @jasond0yle Advisory Details: The cameras web interface uses HTTP Basic for authentication, but authentication details are only validated on the home login page. By forced browsing, or navigating directly to any valid URL on the web interface other than the homepage, it is possible to bypass authentication. Risk: It's possible to view the live video feed and/or change all configurable settings anonymously. Proof of Concept: Navigate directly to http://x.x.x.x/cgi-bin/display.cgi to view the cameras live video feed anonymously. Solution: Upgrade to firmware version 030405.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top