Cameras Exploits - Call to Arms

[lucyoa]

Grab one of the exploits from the list below and write routersploit module for it. Exploits should be created under routersploit/modules/exploits/cameras/ directory.

How to contribute?

1) Pick one of the vulnerabilities from the list 2) Create new issue with given exploit and assign yourself to it 3) Write routesploit module 4) Create a Pull Request

Client side exploits and Denial of Service exploits are currently out of scope. We are working on a functionality to handle them properly.

List of vulnerabilities & exploits

• [ ] Intellinet NFC-30IR Camera - Multiple Vulnerabilities https://www.exploit-db.com/exploits/41829/

• [ ] Netwave IP Camera - Password Disclosure https://www.exploit-db.com/exploits/41236/

• [ ] Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure https://www.exploit-db.com/exploits/40633/

• [ ] AVTECH IP Camera, NVR, and DVR Devices - Multiple Vulnerabilities https://www.exploit-db.com/exploits/40500/

• [x] VideoIQ Camera - Local File Disclosure https://www.exploit-db.com/exploits/40284/

• [x] Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Local File Disclosure https://www.exploit-db.com/exploits/40281/

• [x] JVC IP-Camera VN-T216VPRU - Local File Disclosure https://www.exploit-db.com/exploits/40282/

• [x] Honeywell IP-Camera HICC-1100PT - Local File Disclosure https://www.exploit-db.com/exploits/40283/

• [ ] MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download https://www.exploit-db.com/exploits/40267/

• [ ] SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download https://www.exploit-db.com/exploits/40262/

• [ ] Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure https://www.exploit-db.com/exploits/40263/

• [ ] MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change https://www.exploit-db.com/exploits/40277/

• [ ] JVC IP-Camera VN-T216VPRU - Credentials Disclosure https://www.exploit-db.com/exploits/40264/

• [ ] TOSHIBA IP-Camera IK-WP41A - Authentication Bypass / Configuration Download https://www.exploit-db.com/exploits/40266/

• [x] Honeywell IP-Camera HICC-1100PT - Credentials Disclosure https://www.exploit-db.com/exploits/40261/

• [ ] SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change https://www.exploit-db.com/exploits/40260/

• [x] SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure https://www.exploit-db.com/exploits/40254/

• [ ] Samsung Smart Home Camera SNH-P-6410 - Command Injection https://www.exploit-db.com/exploits/40235/

• [ ] Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39798/

• [ ] Merit Lilin IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39746/

• [x] TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials https://www.exploit-db.com/exploits/39706/

• [x] Brickcom Corporation Network Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39696/

• [ ] Axis Network Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39683/

• [ ] PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39672/

• [ ] ADH-Web Server IP-Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/38245/

• [x] TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials https://www.exploit-db.com/exploits/38186/

• [ ] Keeper IP Camera 3.2.2.10 - Authentication Bypass https://www.exploit-db.com/exploits/37965/

• [ ] Security IP Camera Star Vision DVR - Authentication Bypass https://www.exploit-db.com/exploits/37778/

• [ ] IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35422/

• [ ] IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35420/

• [ ] IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35421/

• [ ] TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow https://www.exploit-db.com/exploits/35363/

• [ ] Foscam IP Camera - Predictable Credentials Security Bypass https://www.exploit-db.com/exploits/39195/

• [ ] Vivotek IP Cameras - RTSP Authentication Bypass https://www.exploit-db.com/exploits/29516/

• [ ] Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27878/

• [ ] Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27402/

• [ ] TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27289/

• [ ] FOSCAM IP-Cameras - Improper Access Restrictions https://www.exploit-db.com/exploits/27076/

• [ ] Airlive IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/26174/

• [ ] MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25813/

• [ ] Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25815/

• [ ] Security IP Camera Star Vision DVR - Authentication Bypass https://www.exploit-db.com/exploits/37778/

• [ ] IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35420/

• [ ] IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35421/

• [ ] IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35422/

• [ ] TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow https://www.exploit-db.com/exploits/35363/

• [ ] Foscam IP Camera - Predictable Credentials Security Bypass https://www.exploit-db.com/exploits/39195/

• [ ] Vivotek IP Cameras - RTSP Authentication Bypass https://www.exploit-db.com/exploits/29516/

• [ ] Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27878/

• [ ] Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27402/

• [ ] TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27289/

• [ ] FOSCAM IP-Cameras - Improper Access Restrictions https://www.exploit-db.com/exploits/27076/

• [ ] Airlive IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/26174/

• [ ] TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25812/

• [ ] D-Link IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25138/

• [ ] StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure https://www.exploit-db.com/exploits/24864/

• [ ] D-Link DCS Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/24442/

• [ ] Vivotek Cameras - Sensitive Information Disclosure https://www.exploit-db.com/exploits/19859/

• [ ] TRENDnet SecurView Internet Camera - UltraMJCam OpenFileDlg Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/18709/

• [ ] TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow https://www.exploit-db.com/exploits/18675/

• [ ] Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow https://www.exploit-db.com/exploits/18641/

• [ ] Multiple Trendnet Camera Products - Remote Security Bypass https://www.exploit-db.com/exploits/36680/

• [ ] RXS-3211 IP Camera - UDP Packet Password Information Disclosure https://www.exploit-db.com/exploits/35800/

• [ ] Camtron CMNC-200 IP Camera - Authentication Bypass https://www.exploit-db.com/exploits/15506/

• [ ] Camtron CMNC-200 IP Camera - Undocumented Default Accounts https://www.exploit-db.com/exploits/15507/

• [ ] Camtron CMNC-200 IP Camera - ActiveX Buffer Overflow https://www.exploit-db.com/exploits/15504/

• [ ] Camtron CMNC-200 IP Camera - Directory Traversal https://www.exploit-db.com/exploits/15505/

• [ ] Intellinet IP Camera MNC-L10 - Authentication Bypass https://www.exploit-db.com/exploits/14521/

• [ ] ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure https://www.exploit-db.com/exploits/9066/

• [ ] Camera Life 2.6.2b4 - Arbitrary File Upload https://www.exploit-db.com/exploits/6594/

• [ ] Camera Life 2.6.2 - 'id' Parameter SQL Injection https://www.exploit-db.com/exploits/6132/

• [ ] AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Buffer Overflow https://www.exploit-db.com/exploits/4143/

• [ ] Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC) https://www.exploit-db.com/exploits/4120/

• [ ] D-Link DCS-900 Camera - Remote IP Address Changer Exploit https://www.exploit-db.com/exploits/425/

• [ ] Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution https://www.exploit-db.com/exploits/24400/

• [ ] Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal https://www.exploit-db.com/exploits/24401/

• [ ] Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass https://www.exploit-db.com/exploits/24402/

• [ ] Linksys Web Camera Software 2.10 - Next_file Parameter File Disclosure https://www.exploit-db.com/exploits/24175/

• [ ] Axis Network Camera 2.x - HTTP Authentication Bypass https://www.exploit-db.com/exploits/22626/

Client side exploits

• [ ] MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin) https://www.exploit-db.com/exploits/39641/

• [ ] FlexWATCH Network Camera - Cross-Site Scripting https://www.exploit-db.com/exploits/28205/

• [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - help Script Cross-Site Scripting https://www.exploit-db.com/exploits/27892/

• [ ] FlexWATCH Network Camera - Cross-Site Scripting https://www.exploit-db.com/exploits/28205/

• [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - eventplayer get_image_info_abspath Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/27894/

• [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - events.tar source_ip Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/27893/

• [ ] Linksys Web Camera Software 2.10 - Next_file Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/24197/

• [ ] Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery https://www.exploit-db.com/exploits/30585/

• [ ] Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/pwdgrp.cgi Multiple Parameter Cross-Site Request Forgery https://www.exploit-db.com/exploits/30586/

• [ ] Axis Communications 207W Network Camera - Web Interface admin/restartMessage.shtml server Parameter Cross-Site Request Forgery https://www.exploit-db.com/exploits/30587/

• [ ] Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting https://www.exploit-db.com/exploits/6710/

• [ ] Axis M10 Series Network Cameras - Cross-Site Scripting https://www.exploit-db.com/exploits/36428/

• [ ] Grandstream Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38584/

• [ ] Brickcom Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38582/

• [ ] Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38583/

• [ ] Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery https://www.exploit-db.com/exploits/30914/

• [ ] Multiple Foscam IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38437/

• [ ] Grandstream Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38584/

• [ ] Brickcom Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38582/

• [ ] Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38583/

• [ ] Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery https://www.exploit-db.com/exploits/30914/

Denial of Service

• [ ] Camtron CMNC-200 IP Camera - Denial of Service https://www.exploit-db.com/exploits/15508/

• [ ] ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service https://www.exploit-db.com/exploits/9067/

• [ ] SunellSecurity NVR / Camera - Denial of Service https://www.exploit-db.com/exploits/40687/

[busyb0x]

I am looking for firmware to download and perform some tests. Where can i find these firmwares?

Thanks

[0BuRner]

On vendors websites I guess :-)

[gadoi]

thanks