
LILIN IP Camera P2/Z2 Multiple Vulnerabilities

Summary

Vulnerability List

  1. Command Injection
  2. Broken Access Control (No authentication required)
  3. Remote Admin Credential Disclosure (No authentication required)

Details

1. Command Injection

CVSSv3.1 Score

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A command injection vulnerability in the NTP setting allows an authenticated administrator to execute arbitrary commands with root privileges.

Impact

An attacker can execute arbitrary commands on the device, for example to install malware.

2. Broken Access Control

CVSSv3.1 Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The device allows attackers to create arbitrary users via /apply2.cgi without any authentication.

Impact

An attacker can create an arbitrary user to bypass authentication.

3. Remote Admin Credential Disclosure

CVSSv3.1 Score

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The user credentials are stored in the HTML page /new/setup.htm, encoded with base64 only.

Impact

The leaked user credentials can be used for further attacks against the system.
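As an added example (not part of this advisory or LILIN's firmware), the following Python script shows how a defender could flag findings 2 and 3 in web-server access logs and validate the NTP server setting from finding 1 against an allowlist before it reaches any system command. The combined log format, the sample lines and the allowlist regex are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample lines in Apache/nginx "combined" log format (not from the advisory).
# The third field is the authenticated remote user; "-" means no credentials were sent.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /apply2.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - admin [01/Jan/2024:10:00:05 +0000] "POST /apply2.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /new/setup.htm HTTP/1.1" 200 8192 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "GET /index.htm HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line: str) -> Dict[str, str]:
    """Parse one combined-format log line into its fields; empty dict if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else {}


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per request that matches an advisory finding."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]
        # Finding 2: /apply2.cgi accepted (2xx) a request that carried no credentials.
        if path == "/apply2.cgi" and rec["user"] == "-" and rec["status"].startswith("2"):
            alerts.append({**rec, "finding": "unauthenticated apply2.cgi"})
        # Finding 3: any read of the page that embeds base64-encoded credentials.
        elif path == "/new/setup.htm":
            alerts.append({**rec, "finding": "setup.htm credential page read"})
    return alerts


# Mitigation for finding 1 (assumed allowlist): hostnames and IPv4 literals only,
# so shell metacharacters can never reach the command that applies the NTP setting.
NTP_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_safe_ntp_host(value: str) -> bool:
    """Allowlist check for an NTP server value before it is passed to any command."""
    return bool(NTP_HOST_RE.fullmatch(value))
```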

Products Affected

  • LILIN IP Camera P2: Firmware Version: <=7.1.94.8908
  • LILIN IP Camera Z2: Firmware Version: <=7.1.94.8908

Credits

  • Keniver Wang(CHT Security)
  • ChunHao Yang(CHT Security)