Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" module is designed to detect a vulnerability in the BEWARD N100 compact color IP camera. This vulnerability allows an attacker to disclose arbitrary files on the camera. The severity of this vulnerability is classified as high.
This module was authored by geeknik.
If exploited, this vulnerability can lead to unauthorized access to sensitive files on the BEWARD N100 IP camera. An attacker could potentially obtain sensitive information, such as user credentials or configuration files, which could be used for further attacks.
The module sends an HTTP GET request to the "/cgi-bin/operator/fileread?READ.filePath=/etc/passwd" endpoint on the BEWARD N100 IP camera. It includes an authorization header with the credentials "Basic YWRtaW46YWRtaW4=" to authenticate the request.
The module then applies two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports the vulnerability.
Authorization: Basic YWRtaW46YWRtaW...