LILIN IP Camera P2/Z2 Multiple Vulnerabilities
- Command Injection
- Broken Access Control (No authentication required)
- Remote Admin Credential Disclosure (No authentication required)
1. Command Injection
A Command Injection vulnerability in the NTP Setting that allows authenticated administrator to execute arbitrary commands with root privileges.
An attacker can execute arbitrary commands to install malware.
2. Broken Access Control
It allows attackers to create arbitrary user via /apply2.cgi without any authentication.
An attacker can create arbitrary user to bypass authentication.
3. Remote Admin Credential Disclosure
The user credentials be stored in html(/new/setup.htm) with base64 encode.
The leaked user credentials of the system can be taken for further attack.
- LILIN IP Camera P2: Firmware Version: <=220.127.116.1108
- LILIN IP Camera Z2: Firmware Version: <=18.104.22.16808
- Keniver Wang(CHT Security)
- ChunHao Yang(CHT Security)