CHT Security Blue Team Discovered Multiple Vulnerabilities in Well-Known Camera IoT Devices

Summary


Vulnerability List


1. [CVE-2023-38027] Command Injection

2. [CVE-2023-38025] Command Injection

3. [CVE-2023-38024] Hidden Functionality

4. [CVE-2023-38026] Hard-coded Credential


Details


1. Command Injection


Description

The product insufficiently filters a special parameter in its communication protocol.

An unauthenticated remote attacker can perform a command injection attack to execute arbitrary system commands or disrupt service.


Impact

Unauthenticated attackers can gain full control of the device and execute code remotely over the network.


The confidentiality, integrity, and availability of the data and the system will be compromised.


Version

Product Firmware version: 1.0036



2. Command Injection


Description

The product insufficiently filters a special parameter in its communication protocol.

An unauthenticated remote attacker can perform a command injection attack to execute arbitrary system commands or disrupt service.


Impact

Unauthenticated attackers can gain full control of the device and execute code remotely over the network.


The confidentiality, integrity, and availability of the data and the system will be compromised.


Version

Product Firmware version: 1.0036



3. Hidden Functionality


Description

The product has a hidden function that enables the insecure telnetd service.

A remote attacker who knows the credential can log in directly to the system to execute arbitrary system commands or disrupt service.


Impact

Attackers can enable the telnetd service without authentication.


The confidentiality, integrity, and availability of the data and the system will be compromised.


Version

Product Firmware version: 1.0036



4. Hard-coded Credential


Description

The product has a hard-coded credential in its u-boot firmware; an attacker can easily fetch or modify the system with the credential.


Impact

Attackers can fetch or modify the firmware with the credentials.


The confidentiality, integrity, and availability of the data and the system will be compromised.


Version

Product Firmware version: 1.0036



Credit

* Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)