[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Vulnerabilities in multiple Hikvision IP cameras and DVR
From: "MustLive" <mustlive () websecurity ! com ! ua>
Date: 2015-03-29 20:52:09
Message-ID: 035701d06a62$50f18850$9b7a6fd5 () pc
[Download RAW message or body]
Hello list!
There are vulnerabilities in multiple Hikvision IP cameras and DVR.
These are Abuse of Functionality and Brute Force vulnerabilities, similar to
holes in Hikvision DS-7204HWI-SH, which I disclosed earlier.
-------------------------
Affected vendors:
-------------------------
Hikvision
http://www.hikvision.com
-------------------------
Affected products:
-------------------------
Vulnerable are the next models with different versions of firmware:
Hikvision DS-2CD2412F-IW, DS-2CD2412F-I, DS-7204HWI-SH, DS-2CD2412F-IW,
DS-2CD2012-I, DS-2CD2232-I5, DS-7108HWI-SH, DS-2CD7153-E, DS-2CD2132-I,
DS-2DF5284-A. Since summer I found multiple models of Hikvision cameras and
regularly find new cameras with similar vulnerabilities.
As Hikvision answered me at 01.03.2015, they didn't want to fix Abuse of
Functionality vulnerability, but they will fix Brute Force vulnerability.
New versions of firmware for different models of cameras with patch for
Brute Force hole were released in the beginning of 2015. I still haven't
found any Hikvision camera with such firmwares, only versions for 2014 and
previous years, but developers showed me screenshot how they fixed it.
----------
Details:
----------
Abuse of Functionality (WASC-42):
Login is persistent: admin (only logins for users can be changed). Which
simplify Brute Force attack.
Brute Force (WASC-11):
In login form http://site/doc/page/login.asp there is no protection against
Brute Force attacks. Which allows to pick up password (if it was changed
from default).
I found this and other web cameras during summer to watch terrorists
activities in Donetsk and Lugansks regions of Ukraine and also I took under
control web cameras in Russia
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/7308/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic