Even if they know, don't know they have the ethnics and got hard code any credentials inside the firmware or not. Guess, I will go back to Taobao for cheaper, better, safer products.
Ouvis Netcam Code Any Credentials

P.S: The Dahua sold in China is under LeChen which don't seem to be usable overseas. There's a model call IPC-A35 which might be for international market.

Wireless IP Camera (P2) WIFICAM is one of the branded cameras.

Misc - Cloud (Aka Botnet)

The vulnerabilities in the Cloud management affect a lot of P2P or Cloud cameras. It allows 2 kinds of authentication:

- htdigest authentication OR
- authentication using credentials in URI (loginuse=LOGIN&loginpas=PASS).

The attacker can bypass the authentication by providing an empty loginuse and an empty loginpas in the URI:

    user@kali$ wget -qO- [...] |xxd|less
    00000000: 5749 4649 4341 4d00 0000 0000 0000 0000  WIFICAM.

This is well-documented as shown and in several different camera models.

The camera answers:

    result-1;

Due to the absence of checking, an attacker can simply bruteforce credentials. The UDP tunnel between the attacker and the camera is established even if the attacker doesn't know the credentials. It's useful to note the tunnel bypasses NAT and firewall, allowing the attacker to reach internal cameras (if they are connected to the Internet) and to bruteforce credentials. Hundreds of thousands of cameras are affected by the 0day Info-Leak.