Multiples vulnerabilities have been found in these networked video cameras. Authentication Bypass Issues(CWE-592) and Clear Text Storage of Sensitive Information(CWE-312), Cross Site Request Forgery(CWE-352), Permissions, Privileges, and Access Control(CWE-264) and Execution with Unnecessary Privileges(CWE-250)
The information has been provided by Eliezer Varad Lopez, Javier Repiso S nchez and Jon s Ropero Castillo.
Authentication Bypass & Clear Text Storage of Sensitive Information
CVE-2013-3689, These allows you to download the all the configuration device file writing the next URL (all data shown will be in plain text). It s not necessary any authentication.
The most interesting parameters could be:
UserSetSetting.userList.users[n ].password= ***
UserSetSetting.userList.users[n ].name= ***
Cross Site Request Forgerty (CSRF) + Privilege Escalation
CVE-2013-3690, CSRF is possible via POST method. Also is possible a privilege escalation from a viewer user to an administrator user. These cameras use a web interface which is prone to CSRF vulnerabilities. A malicious user can try targeted attacks by sending a special CSRF vector. This allows you to manipulate web interface parameters.The following request can exploit this vulnerability
-2013-05-31: Students team notifies the Brickcom Customer Support of the vulnerabilities.
-2013-05-31: Brickcom answers saying this in accordance with some of the vulnerabilities, but there are some that they think is not correct.
(CVE-2013-3689, Authentication bypass and plain text information: After talk with vendor, it s looks that after firmware 3.1.x.x, this bug is fixed but still the information is shown in plain text, so they should fix this second one)
-2013-06-03: Students check and communicate Brickcom the detail products and firmwares affected by vulnerabilities.
-2013-06-04: The vendor is agree with everything stated and reports that will fix it as soon as possible.