Re: Axis Network Camera known default password vulnerability

I'd be more worried about the old firmwares (2.0x; I tested 2.12 also,
which isn't vulnerable) that contain, amongst others,
/cgi-bin/paramtool and /cgi-bin/hwtestio; you don't need to authorize to
access them.
(Seems to be a misconfiguration in the webserver.)

paramtool can be used like this:
"http://<ip_to_webcam>/cgi-bin/paramtool?--blargh"

which will show the entire config of the webcam, including:
root.InternalSecurity.Passwd { root { passwd [ "plAsx1.0CzA.wd" ] (...)
Which shouldn't be too hard to crack :)
This could also reveal dialup info, like phone-numbers, username and
passwords.
(if this camera is set up to be serving images through dialup
connection)

And then there is /cgi-bin/hwtestio, which I think was really bad,
as it tells the user how to use it, and remember: you do not have to log
in to the web-pages to access this script either!
Basically it tells you:
--------------------------
 -ix Test IO x times
 -rx Relay switch repeated x times
--------------------------
i.e. you can do "http://<ip_to_webcam>/cgi-bin/hwtestio?-r242424", and
the camera basically crashes.

PS! This IS old info; firmware upgrades that fix these problems exist
and have for a while.
And Chris and/or the - good for you that you actually managed to read on
Axis' webpages, good on ya!


--torgeir


Chris Gragsone wrote:
>
>   Axis Network Camera known default password vulnerability
>   by Chris Gragsone
>   Foot Clan
>
>   Date: November 17, 2001
>   Advisory ID: Foot-20011117
>   Impact of vulnerability: Default Password
>   Exploitable: Remotely
>   Maximum Risk: Moderate
>
>   Affected Software:
>   Axis Network Camera 2120
>   Axis Network Camera 2110
>   Axis Network Camera 2100
>   Axis Network Camera 200+
>   Axis Network Camera 200
>
>   Vulnerability:
>   Log into any Axis Network Camera via ftp, telnet, or http
>   Default account: root
>   Default password: pass
>
>   References:
>   http://www.axis.com/product/camera_servers/index.html
>   http://www.axis.com/solutions/cam_vid/surveillance/index.html
>   Contact:
>   http://footclan.realwarp.net Chris Gragsone (maetrics@realwarp.net)
>
>   Disclaimer:
>   The contents of this advisory are lame and should probably not be
>   read.
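Added example (not part of the thread, nor Axis' or the poster's code): a small log scanner that flags requests to the two CGI scripts named above in ordinary Common Log Format web-server lines, and reports whether each was served with no credentials presented. A 200 with an empty user column means the unauthenticated 2.0x-era exposure is still live and the firmware needs upgrading (or the paths need blocking at a front proxy). The log lines are constructed for the example; the endpoint names and the paramtool/hwtestio queries come from the post.

```python
"""Flag requests to the unauthenticated Axis CGI scripts in web-server logs."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# CGI endpoints the post describes as reachable without logging in on
# old 2.0x firmware.
WATCHED_CGI = ("/cgi-bin/paramtool", "/cgi-bin/hwtestio")

# Constructed sample log (Common Log Format), not a real capture.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Nov/2001:10:12:01 +0100] "GET /cgi-bin/paramtool?--blargh HTTP/1.0" 200 8123',
    '10.0.0.5 - - [17/Nov/2001:10:12:09 +0100] "GET /cgi-bin/hwtestio?-r242424 HTTP/1.0" 200 45',
    '10.0.0.9 - root [17/Nov/2001:10:15:33 +0100] "GET /view/view.shtml HTTP/1.0" 200 2210',
    '10.0.0.7 - - [17/Nov/2001:10:20:00 +0100] "GET /cgi-bin/paramtool?--blargh HTTP/1.0" 401 0',
]

# host ident user [time] "METHOD target [protocol]" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    host: str
    time: str
    endpoint: str
    query: str
    status: int
    user: str

    @property
    def served_unauthenticated(self) -> bool:
        # CLF writes "-" in the user column when no credentials were presented.
        return self.status == 200 and self.user == "-"

    def describe(self) -> str:
        state = ("SERVED without authentication (upgrade firmware / block path)"
                 if self.served_unauthenticated
                 else f"HTTP {self.status} (user={self.user})")
        return f"{self.time} {self.host} -> {self.endpoint}?{self.query}: {state}"


def parse_line(line: str) -> Optional[dict]:
    """Parse one CLF line into a dict, or None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def match_endpoint(target: str) -> Optional[str]:
    """Return the watched CGI path if the request target hits one, ignoring the query."""
    path = urlsplit(target).path
    return path if path in WATCHED_CGI else None


def scan(lines) -> List[Finding]:
    """Return a Finding for every request to a watched CGI script."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        endpoint = match_endpoint(rec["target"])
        if endpoint is None:
            continue
        findings.append(Finding(rec["host"], rec["time"], endpoint,
                                urlsplit(rec["target"]).query,
                                rec["status"], rec["user"]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding.describe())
```

Run against a real access log by replacing SAMPLE_LOG with the file's lines; the 401 entry in the sample shows what a patched or proxied camera looks like, where the request is logged but refused.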