Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

By kannthu

High
Vidoc logoVidoc Module
#iot#camera#disclosure#edb
Description

What is the "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure?" module?

The "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" module is designed to detect a vulnerability in the BEWARD N100 compact color IP camera. This vulnerability allows an attacker to disclose arbitrary files on the camera. The severity of this vulnerability is classified as high.

This module was authored by geeknik.

Impact

If exploited, this vulnerability can lead to unauthorized access to sensitive files on the BEWARD N100 IP camera. An attacker could potentially obtain sensitive information, such as user credentials or configuration files, which could be used for further attacks.

How does the module work?

The module sends an HTTP GET request to the "/cgi-bin/operator/fileread?READ.filePath=/etc/passwd" endpoint on the BEWARD N100 IP camera. It includes an authorization header with the credentials "Basic YWRtaW46YWRtaW4=" to authenticate the request.

The module then applies two matching conditions to determine if the vulnerability is present:

    - The first condition uses a regular expression to check if the response contains the string "root:[x*]:0:0:". If this string is found, it indicates that the "/etc/passwd" file has been successfully disclosed. - The second condition checks if the HTTP response status code is 200, indicating a successful request.

If both conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin/operator/fi...
Headers

Authorization: Basic YWRtaW46YWRtaW...

Matching conditions
regex: root:[x*]:0:0:and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability