10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.5%
## Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Ichano IP Cameras.
AtHome Camera is βa remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute.β
The vulnerabilities found are:
Hard-coded username and password β telnet
Hard-coded username and password β Web server
Unauthenticated Remote Code Execution
## Credit
An independent security researcher, Tim Carrington, has reported this vulnerability to Beyond Securityβs SecuriTeam Secure Disclosure program.
## Vendor response
We tried to contact Ichano since November 21st 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.
CVE: CVE-2017-17761
## Vulnerabilities details
Hard-coded username and password β telnet
The device runs a telnet server at startup with a default password of 123.
Hard-coded username and password β Web server
In /app/www/doc/script/login.js, in the function DoLogin(), client side validation is used to login a user:
```
if($("#UserName").val()=="super_yg"){jumpPage();return}
```
A user can login with these credentials and can then take control of the device over http:
Unauthenticated Remote Code Execution
The device runs βnoodlesβ binary β a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands.
The binary has a set of commands he can run β if a user will use the following βprotocolβ, command to be run is enclosed like html tags, i.e. <system>id</system>, a successful execution results in <system_ack>ok</system_ack>.
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.027 Low
EPSS
Percentile
90.5%