Bugtraq mailing list archives
Re: Axis Network Camera known default password vulnerability
From: Torgeir Hansen <trenger () trenger ro>
Date: Fri, 07 Dec 2001 08:32:53 +0100
I'd be more worried about the old firmwares (2.0x (I tested 2.12 also which isn't vulnerable) that contain amongst others: /cgi-bin/paramtool and /cgi-bin/hwtestio, you don't need to authorize to access them. (seems to be a misconfiguration in the webserver) paramtool can be used like this: "http://<ip_to_webcam>/cgi-bin/paramtool?--blargh which will show the entire config of the webcam, including: root.InternalSecurity.Passwd { root { passwd [ "plAsx1.0CzA.wd" ] (...) Which shouldn't be too hard to crack :) This could also reveal dialup info, like phone-numbers, username and passwords. (if this camera is set up to be serving images through dialup connection) And then there is /cgi-bin/hwtestio, which I think was really bad - as it tells the user how to use it, and remember: you do not have to log in to the web-pages to access this script either! Basically it tells you: -------------------------- -ix Test IO x times -rx Relay switch repeated x times -------------------------- i.e. you can do "http://<ip_to_webcam>/cgi-bin/hwtestio?-r242424", and the camera basically crashes. PS! This IS old info, firmware upgrades that fix these problems exist and have for a while. And Chris and/or the - good for you that you actually managed to read on axis' webpages, good on ya! --torgeir Chris Gragsone wrote:
Axis Network Camera known default password vulnerability by Chris Gragsone Foot Clan Date: November 17, 2001 Advisory ID: Foot-20011117 Impact of vulnerability: Default Password Exploitable: Remotely Maximum Risk: Moderate Affected Software: Axis Network Camera 2120 Axis Network Camera 2110 Axis Network Camera 2100 Axis Network Camera 200+ Axis Network Camera 200 Vulnerability: Log into any Axis Network Camera via ftp, telnet, or http Default account: root Default password: pass References: http://www.axis.com/product/camera_servers/index.html http://www.axis.com/solutions/cam_vid/surveillance/index.html Contact: http://footclan.realwarp.net Chris Gragsone (maetrics () realwarp net) Disclaimer: The contents of this advisory are lame and should probably not be
read.
Current thread:
- Axis Network Camera known default password vulnerability Chris Gragsone (Dec 05)
- <Possible follow-ups>
- Re: Axis Network Camera known default password vulnerability Torgeir Hansen (Dec 06)
- Re: Axis Network Camera known default password vulnerability Joacim Tullberg (Dec 06)