Owning Big Brother: How to Crack into Axis IP cameras

2007.10.05
Credit: Procheckup
Risk: Low
Local: No
Remote: Yes
CWE: N/A

The research is made of two components: a purple paper and a video. The research doesn't just cover boring PoCs, but actual Hollywood-style exploits :-). Yes, this includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever!

In the paper we only cover new vulnerabilities affecting older _and_ the latest firmware. The most eye-catching ones are perhaps the following issues affecting the latest version of the firmware (2.43):

- System-wide Cross-site Request Forgeries (CSRF): any admin action can be forged by design!
- Non-persistent Cross-site Scripting (XSS) on 404 error pages
- Persistent Cross-site Scripting (XSS) on the network settings page
- Persistent Cross-site Scripting (XSS) on the video viewing page
- Persistent Cross-site Scripting (XSS) on the logs viewing facility

For more info please see: http://www.procheckup.com/Vulnerability_2007.php

