When researching the MicroDigital IP camera, I identified more than ten vulnerabilities, including some critical ones. The full list containing twelve common vulnerabilities and exposures (CVE) is available here. Important: the firmware file available on the vendor's website is compatible with the entire range of six N-series IP cameras produced by MicroDigital. Most probably, some of the identified vulnerabilities exist in other MicroDigital devices, whose assortment exceeds 150 camera models. It is also worth mentioning that the conference Positive Hack Days 8 included a camera hacking contest, CAMBreaker. The model described in this article was among the devices tested at this contest.

Prior to researching the executable files, some preparations are necessary. Install a microSD card formatted with the VFAT file system for extra space. Install the statically compiled GDB debugger from public repositories on GitHub.

The research of the binaries includes the following steps:

- If necessary, debugging via Telnet with GDB.
- Writing a proof of concept to demonstrate the vulnerability.

Almost all requests are sent to /webparams. After reviewing the httpd settings in /usr/local/httpd/conf/nf, I discovered that all requests made to /webparams are redirected to an executable FCGI file located at /usr/local/httpd/fcgi/webparams.fcgi. By the way, because the application is multithreaded, I had to check the required process ID every time to deal with a certain thread (the thread is created prior to the request processing).

Note that I didn't even need to reverse-engineer anything. The admin login (by default, root) is sufficient to bypass authentication and make any requests available to the administrator in the camera's admin console. Given that the authentication can be bypassed, this bug enables a malefactor to gain control over any camera with an open web interface and potentially use it for attacks.
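To make the class of bug concrete, here is an added toy model (not the camera's firmware and not the original article's proof of concept; the real FCGI binary, its parameter names and its account store are not reproduced). It contrasts a request handler that grants access as soon as the supplied login matches an existing account, which is the behaviour described above, with one that also verifies the password. The `USERS` table, the `login`/`password` field names and the default password are constructed for the example.

```python
"""Toy model of a login-only authentication check versus a proper one.

Constructed example: the account table, parameter names and password are
made up here and are not taken from the MicroDigital firmware.
"""
import hashlib
import hmac
from typing import Optional

# Constructed salt and account table: login -> salt, PBKDF2-SHA256 hash, role.
_SALT = b"constructed-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-SHA256 of the password; 100k iterations is the demo's choice."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {
    "root": {
        "salt": _SALT,
        "hash": _hash_password("correct horse", _SALT),  # constructed password
        "role": "admin",
    },
}


def vulnerable_auth(params: dict) -> Optional[str]:
    """Return the role granted to the request, or None if it is rejected.

    Only checks that the login names an existing account. A request that
    carries login=root is treated as the administrator no matter what the
    password field contains, or whether it is present at all.
    """
    login = params.get("login")
    user = USERS.get(login)
    if user is None:
        return None
    return user["role"]


def hardened_auth(params: dict) -> Optional[str]:
    """Same interface, but the password must verify against the stored hash.

    hmac.compare_digest keeps the comparison time independent of how many
    leading bytes of the hash happened to match.
    """
    login = params.get("login")
    password = params.get("password")
    user = USERS.get(login)
    if user is None or password is None:
        return None
    candidate = _hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return None
    return user["role"]


if __name__ == "__main__":
    # The attacker knows only the default login, not the password.
    forged = {"login": "root"}
    print("vulnerable handler grants:", vulnerable_auth(forged))
    print("hardened handler grants:  ", hardened_auth(forged))
```

Run as a script, the vulnerable handler returns the admin role for a request that carries nothing but the default login, while the hardened handler rejects it; only a request with the correct password is accepted by the second handler.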