NC450 1.5.0 Build 181022 Rel.3A033D Hardcoded Credentials

2019-04-05T00:00:00
ID PACKETSTORM:152409
Type packetstorm
Reporter Sachin Wagh
Modified 2019-04-05T00:00:00

Description

                                        
                                            `*Summary:*  
  
The NC450 is your favorable companion that meets to home and office  
surveillance needs, keeping you in touch with what matters most. With its  
smooth and durable Pan/Tilt of up to 300/110 degrees, you can turn the  
camera to almost any position you want and watch over a wider area of your  
home.  
  
HD Pan/Tilt Wi-Fi Camera NC450 contain hard-coded credentials within its  
Linux distribution image. This credentials (root:root) cannot be changed  
through any normal operation of the camera.  
  
*Vendor:*  
  
TP-LINK Technologies Co., Ltd. - http://www.tp-link.us  
  
*Affected Version:*  
  
NC450 1.5.0 Build 181022 Rel.3A033D  
  
*Vendor Status*  
  
N/A  
  
*Proof Of Concept:*  
  
/home/oit/Desktop/Firmware/_NC450_1.5.0_Build_181022_Rel.3A033D.bin.extracted/jffs2-root  
[oit@ubuntu] [10:34]  
> grep -iRn "root:" .  
Binary file ./fs_1/bin/pppd matches  
./fs_1/etc/passwd:1:root:$1$gt7/dy0B$6hipR95uckYG1cQPXJB.H.:0:0:Linux  
User,,,:/home/root:/bin/sh  
./fs_1/etc/group:1:root:x:0:  
  
  
root@kali:~# cat hash.me  
root:$1$gt7/dy0B$6hipR95uckYG1cQPXJB.H.:0:0:Linux User,,,:/home/root:/bin/sh  
root@kali:~# john hash.me --show  
root:root:0:0:Linux User,,,:/home/root:/bin/sh  
  
1 password hash cracked, 0 left  
  
*Credit:*  
  
Sachin Wagh (@tiger_tigerboy)  
  
*Reference:*  
  
https://www.tp-link.com/in/home-networking/cloud-camera/nc450/  
https://www.tp-link.com/in/support/download/nc450/#Firmware  
  
Best Regards,  
  
*Sachin Wagh*  
Security Researcher  
`