Millet smart cameras small ants there is a remote command execution vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201558858
Type myhack58
Reporter 佚名
Modified 2015-02-07T00:00:00


! t0167153064b2673d18. png

Vulnerability description:

Small ants Camera application management program the presence of a remote command execution vulnerability through the web interface with root privileges to execute arbitrary system commands without any web permissions, now the official latest version already fix this vulnerability.

Affect range:

firmware version<=1.8.3. 4F_201410221315 Note:We do not find all the firmware versions, this version is our device factory version, but also we can find the presence of the vulnerability in the latest version

The exploit: the

Through the web application vulnerability configuration parameters, perform system commands.

! t0109e7036c8125d24e. png

! t01fc20a752b698b871. png

See the system command in the current execution privilege, the execution result for the highest system privileges.

! t010cc64c5615e3a0a5. png

[1] [2] next