TP-LINK TL-SC3171 IP cameras suffer from an authentication bypass vulnerability.
f6d178a063dd3ed0597d4ff68aeb5b7ce510edc4d8a50b381af599f1db6c358c===========================================================================
TP-LINK
====================================================================
===========================================================================
1.Advisory Information
Title: TP-LINK TL-SC3171 Vulnerability
Date Published: 12/06/2013
Date of last updated: 12/06/2013
2.Vulnerability Description
The next vulnerability has been found in this device:
-CVE-2013-3688. Authentication Bypass Issues(CWE-592) and Execution with Unnecessary Privileges(CWE-250).
3.Affected Products
-CVE-2013-3688. The following product are affected: TP-LINK TL-SC3171
It’s possible others models are affected but they were not checked.
4.PoC
4.1.Execute Remote Command bypassing authentication
CVE-2013-3688, Execute Remote Command bypassing authentication.
We have found that is possible to reboot this kind of devices remotely. The attack vector is the following one:
_____________________________________________________________________________
http://xx.xx.xx.xx/cgi-bin/reboot
http://xx.xx.xx.xx/cgi-bin/hardfactorydefault
_____________________________________________________________________________
In the first one you will get blank page and you can’t re-login until the device is reboot.
In the second one, you will get a victory message and of course, in the next login you should introduce factory settings.
5.Credits
-CVE-2013-3688, was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo.
6.Report Timeline
-2013-05-31: Students team notifies the TP-Link Customer Support of the vulnerability. No reply received.
-2013-06-03: Students asks for a reply.
-2013-06-04: TP-Link answers saying Coresecurity reported this vulnerability before and this has been corrected in a new beta firmware version.
-2013-06-04: Students answer to the vendor saying that this vulnerability is different from the Coresecurity vulnerabilities.
-2013-06-05: TP-Link answers saying this vulnerability is the same as the vulnerability reported by Coresecurity.
-2013-06-05: Students respond by explaining the details of the vulnerability and confirming that the vulnerability is different.
-2013-06-06: TP-Link answer confirming that the vulnerability is fixed with the latest patch for the reported vulnerabilities generated by Coresecurity. The beta version is available on the website of TP-Link
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed