Netwave IP Camera Vulnerability

threat9 / routersploit

Exploitation Framework for Embedded Devices

Other

12.12k stars 2.31k forks source link

Netwave IP Camera Vulnerability #274

Closed ghost closed 6 years ago

ghost commented 7 years ago

Credentials leak: It leaks a file 'get_params.cgi' which contains all the credentials stored/configured on the device.

https://github.com/somu1795/netwave_ip_camera_vulnerability

0BuRner commented 7 years ago

Hi,

Thx for the info. I can create a routersploit exploit for your vulnerability but I need something more to avoid false positive : can you give me an example of a file retrieved via this vulnerability (with all confidential data anonymized ofc) ? So I will be able to pick a unique pattern in the file and use it to avoid false positive :)

Thx

ghost commented 7 years ago

My scripts are bad :P , I'm a newbie .

The Correct response - correct_response.txt

Error file: error_response.txt

lucyoa commented 6 years ago

Can you provide some more information about this vulnerability? Was it disclosed to vendor? Was CVE assigned etc?