CHT Security Red Team Discovered Several Vulnerabilities in Well-Known IP Camera

Summary

Vulnerability List

1. Command Injection

2. Broken Access Control (No authentication required)

3. Remote Admin Credential Disclosure (No authentication required)

Details

1. Command Injection

Description

A command injection vulnerability in the NTP setting allows authenticated administrator to execute arbitrary commands with root privileges.

Impact

An attacker can execute arbitrary commands to install malware.

2. Broken Access Control

Description

It allows attackers to create an arbitrary user via /apply2.cgi without any authentication.

Impact

An attacker can create an arbitrary user to bypass authentication.

3. Remote Admin Credential Disclosure

Description

The user credentials being stored in html(/new/setup.htm) with base64 encode.

Impact

The leaked user credentials of the system can be taken for further attack.

Products Affected

LILIN IP Camera P2 Series: Firmware Version <= 7.1.94.8908

LILIN IP Camera Z2 Series: Firmware Version <= 7.1.94.8908

Credits

Keniver Wang (CHT Security)

ChunHao Yang (CHT Security)