CHT Security Red Team Discovered Several Vulnerabilities in Well-Known IP Camera
Summary
Vulnerability List
1. Command Injection
2. Broken Access Control (No authentication required)
3. Remote Admin Credential Disclosure (No authentication required)
Details
1. Command Injection
Description
A command injection vulnerability in the NTP setting allows an authenticated administrator to execute arbitrary commands with root privileges.
Impact
An attacker can execute arbitrary commands to install malware.
2. Broken Access Control
Description
The device allows attackers to create an arbitrary user via /apply2.cgi without any authentication.
Impact
An attacker can create an arbitrary user to bypass authentication.
3. Remote Admin Credential Disclosure
Description
User credentials are stored in an HTML page (/new/setup.htm), encoded only with Base64.
Impact
The leaked user credentials of the system can be used for further attacks.
Products Affected
LILIN IP Camera P2 Series: Firmware Version <= 7.1.94.8908
LILIN IP Camera Z2 Series: Firmware Version <= 7.1.94.8908
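An added example (not part of the original advisory) that checks a camera inventory against the affected range above. The inventory entries, host names and the "X9" series are constructed, and comparing the four version fields numerically is an assumption about how the firmware numbering orders.

```python
# Added example: flag cameras whose firmware falls in the advisory's affected range.
AFFECTED_SERIES = {"P2", "Z2"}        # series named in the advisory
LAST_AFFECTED = (7, 1, 94, 8908)      # "Firmware Version <= 7.1.94.8908"


def parse_version(text):
    """Return a tuple of ints for a four-field dotted version, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != len(LAST_AFFECTED):
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(series, firmware):
    """Return 'affected', 'not-affected', 'out-of-scope' or 'unknown'."""
    if series.strip().upper() not in AFFECTED_SERIES:
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown"  # unparsable version: needs manual review, not a pass
    # Tuple comparison is numeric per field (assumed ordering); a plain string
    # comparison would rank "7.1.100.1" below "7.1.94.8908".
    return "affected" if version <= LAST_AFFECTED else "not-affected"


def audit(inventory):
    """Map each inventory name to its classification."""
    return {name: classify(series, fw) for name, series, fw in inventory}


# Constructed inventory: (name, series, reported firmware version)
INVENTORY = [
    ("cam-lobby", "P2", "7.1.94.8908"),   # exactly the last affected build
    ("cam-dock", "Z2", "7.1.93.10000"),   # older build with a larger last field
    ("cam-roof", "z2", "7.1.100.1"),      # newer build that string compare misranks
    ("cam-gate", "P2", "n/a"),            # version could not be read
    ("cam-lab", "X9", "1.0.0.0"),         # hypothetical series not in the advisory
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

Entries reported as "unknown" should be checked by hand rather than assumed safe.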
Credits
Keniver Wang (CHT Security)
ChunHao Yang (CHT Security)