The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software, related to errors in managing registration data, allows a hacker to obtain user login credentials.

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user credentials using an HTTP request...

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software relates to the use of pre-installed credentials, allowing a intruder to gain access to the device with root privileges.

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the use of pre-set credentials the password “cat1029” for the “root” user. Exploiting this vulnerability allows a malicious actor to gain access to the device with root privileges through a Telnet...

Zivif PR115-204-P-RS Security Bypass Vulnerability

The Zivif PR115-204-P-RS is a webcam device. A security bypass vulnerability exists in the Zivif PR115-204-P-RS version 2.3.4.2103, which stems from the program's failure to perform sufficient authentication checks on requests sent to a CGI page. A remote attacker can exploit the vulnerability by...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

Design/Logic Flaw

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

Command injection

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

Hardcoded credentials

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Recent assessments...

CVE-2017-17105

Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 and possibly in-between versions web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a...

CVE-2017-17107

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session...

CVE-2017-17106

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages...

CVE-2017-17105

CVE-2017-17105 affects Zivif PR115-204-P-RS webcams (notably V2.3.4.2103 and V4.7.4.2121 and potentially intermediate builds). The vulnerability is an unauthenticated, blind remote command injection via CGI scripts used in the web interface, demonstrated by a request such as cgi-bin/iptest.cgi?cm...

CVE-2017-17106

CVE-2017-17106 affects Zivif PR115-204-P-RS V2.3.4.2103 Webcams. The vulnerability arises from a lack of authentication in CGI page requests (specifically /web/cgi-bin/hi3510/param.cgi?cmd=getuser), enabling an unauthenticated remote attacker to obtain credentials. Impact is credential disclosure...

CVE-2017-17107

CVE-2017-17107 affects Zivif PR115-204-P-RS Webcams (version 2.3.4.2103). The root user password is hard-coded as cat1029, and the SONIX OS setup makes it unchangeable, enabling root access via TELNET. This CVE is part of a set (CVE-2017-17105, -17106, -17107) describing authentication bypass, co...

Zivif PR115-204-P-RS 2.3.4.2103 Bypass / Command Injection / Hardcoded Password

Attack vector: Remote Authentication: None Researcher: Silas Cutler p1nk Release date: December 10, 2017 Full Disclosure: 90 days CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 Vulnerable Device: Zivif PR115-204-P-RS Version: V2.3.4.2103 Timeline: 1 September 2017: Initial alerting to...