routersploit icon indicating copy to clipboard operation
routersploit copied to clipboard

Published 20 hours ago verified publisher icon threat9

Cameras Exploits - Call to Arms

Open lucyoa opened this issue 7 years ago • 3 comments

Grab one of the exploits from the list below and write routersploit module for it. Exploits should be created under routersploit/modules/exploits/cameras/ directory.

How to contribute?

  1. Pick one of the vulnerabilities from the list
  2. Create new issue with given exploit and assign yourself to it
  3. Write routesploit module
  4. Create a Pull Request

Client side exploits and Denial of Service exploits are currently out of scope. We are working on a functionality to handle them properly.

List of vulnerabilities & exploits

  • [ ] Intellinet NFC-30IR Camera - Multiple Vulnerabilities https://www.exploit-db.com/exploits/41829/

  • [ ] Netwave IP Camera - Password Disclosure https://www.exploit-db.com/exploits/41236/

  • [ ] Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure https://www.exploit-db.com/exploits/40633/

  • [ ] AVTECH IP Camera, NVR, and DVR Devices - Multiple Vulnerabilities https://www.exploit-db.com/exploits/40500/

  • [x] VideoIQ Camera - Local File Disclosure https://www.exploit-db.com/exploits/40284/

  • [x] Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Local File Disclosure https://www.exploit-db.com/exploits/40281/

  • [x] JVC IP-Camera VN-T216VPRU - Local File Disclosure https://www.exploit-db.com/exploits/40282/

  • [x] Honeywell IP-Camera HICC-1100PT - Local File Disclosure https://www.exploit-db.com/exploits/40283/

  • [ ] MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download https://www.exploit-db.com/exploits/40267/

  • [ ] SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download https://www.exploit-db.com/exploits/40262/

  • [ ] Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Credentials Disclosure https://www.exploit-db.com/exploits/40263/

  • [ ] MESSOA IP Cameras (Multiple Models) - Unauthenticated Password Change https://www.exploit-db.com/exploits/40277/

  • [ ] JVC IP-Camera VN-T216VPRU - Credentials Disclosure https://www.exploit-db.com/exploits/40264/

  • [ ] TOSHIBA IP-Camera IK-WP41A - Authentication Bypass / Configuration Download https://www.exploit-db.com/exploits/40266/

  • [x] Honeywell IP-Camera HICC-1100PT - Credentials Disclosure https://www.exploit-db.com/exploits/40261/

  • [ ] SIEMENS IP Camera CCMW1025 x.2.2.1798 - Remote Admin Credentials Change https://www.exploit-db.com/exploits/40260/

  • [x] SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure https://www.exploit-db.com/exploits/40254/

  • [ ] Samsung Smart Home Camera SNH-P-6410 - Command Injection https://www.exploit-db.com/exploits/40235/

  • [ ] Multiple JVC HDRs and Net Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39798/

  • [ ] Merit Lilin IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39746/

  • [x] TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials https://www.exploit-db.com/exploits/39706/

  • [x] Brickcom Corporation Network Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39696/

  • [ ] Axis Network Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39683/

  • [ ] PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/39672/

  • [ ] ADH-Web Server IP-Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/38245/

  • [x] TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials https://www.exploit-db.com/exploits/38186/

  • [ ] Keeper IP Camera 3.2.2.10 - Authentication Bypass https://www.exploit-db.com/exploits/37965/

  • [ ] Security IP Camera Star Vision DVR - Authentication Bypass https://www.exploit-db.com/exploits/37778/

  • [ ] IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35422/

  • [ ] IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35420/

  • [ ] IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35421/

  • [ ] TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow https://www.exploit-db.com/exploits/35363/

  • [ ] Foscam IP Camera - Predictable Credentials Security Bypass https://www.exploit-db.com/exploits/39195/

  • [ ] Vivotek IP Cameras - RTSP Authentication Bypass https://www.exploit-db.com/exploits/29516/

  • [ ] Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27878/

  • [ ] Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27402/

  • [ ] TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27289/

  • [ ] FOSCAM IP-Cameras - Improper Access Restrictions https://www.exploit-db.com/exploits/27076/

  • [ ] Airlive IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/26174/

  • [ ] MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25813/

  • [ ] Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25815/

  • [ ] Security IP Camera Star Vision DVR - Authentication Bypass https://www.exploit-db.com/exploits/37778/

  • [ ] IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35420/

  • [ ] IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35421/

  • [ ] IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow https://www.exploit-db.com/exploits/35422/

  • [ ] TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow https://www.exploit-db.com/exploits/35363/

  • [ ] Foscam IP Camera - Predictable Credentials Security Bypass https://www.exploit-db.com/exploits/39195/

  • [ ] Vivotek IP Cameras - RTSP Authentication Bypass https://www.exploit-db.com/exploits/29516/

  • [ ] Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27878/

  • [ ] Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27402/

  • [ ] TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/27289/

  • [ ] FOSCAM IP-Cameras - Improper Access Restrictions https://www.exploit-db.com/exploits/27076/

  • [ ] Airlive IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/26174/

  • [ ] TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25812/

  • [ ] D-Link IP Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/25138/

  • [ ] StarVedia IPCamera IC502w IC502w+ v020313 - 'Username'/Password Disclosure https://www.exploit-db.com/exploits/24864/

  • [ ] D-Link DCS Cameras - Multiple Vulnerabilities https://www.exploit-db.com/exploits/24442/

  • [ ] Vivotek Cameras - Sensitive Information Disclosure https://www.exploit-db.com/exploits/19859/

  • [ ] TRENDnet SecurView Internet Camera - UltraMJCam OpenFileDlg Buffer Overflow (Metasploit) https://www.exploit-db.com/exploits/18709/

  • [ ] TRENDnet SecurView TV-IP121WN Wireless Internet Camera - UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow https://www.exploit-db.com/exploits/18675/

  • [ ] Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT - ActiveX Control PlayerPT.ocx sprintf Buffer Overflow https://www.exploit-db.com/exploits/18641/

  • [ ] Multiple Trendnet Camera Products - Remote Security Bypass https://www.exploit-db.com/exploits/36680/

  • [ ] RXS-3211 IP Camera - UDP Packet Password Information Disclosure https://www.exploit-db.com/exploits/35800/

  • [ ] Camtron CMNC-200 IP Camera - Authentication Bypass https://www.exploit-db.com/exploits/15506/

  • [ ] Camtron CMNC-200 IP Camera - Undocumented Default Accounts https://www.exploit-db.com/exploits/15507/

  • [ ] Camtron CMNC-200 IP Camera - ActiveX Buffer Overflow https://www.exploit-db.com/exploits/15504/

  • [ ] Camtron CMNC-200 IP Camera - Directory Traversal https://www.exploit-db.com/exploits/15505/

  • [ ] Intellinet IP Camera MNC-L10 - Authentication Bypass https://www.exploit-db.com/exploits/14521/

  • [ ] ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure https://www.exploit-db.com/exploits/9066/

  • [ ] Camera Life 2.6.2b4 - Arbitrary File Upload https://www.exploit-db.com/exploits/6594/

  • [ ] Camera Life 2.6.2 - 'id' Parameter SQL Injection https://www.exploit-db.com/exploits/6132/

  • [ ] AXIS Camera Control (AxisCamControl.ocx 1.0.2.15) - Buffer Overflow https://www.exploit-db.com/exploits/4143/

  • [ ] Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC) https://www.exploit-db.com/exploits/4120/

  • [ ] D-Link DCS-900 Camera - Remote IP Address Changer Exploit https://www.exploit-db.com/exploits/425/

  • [ ] Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution https://www.exploit-db.com/exploits/24400/

  • [ ] Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal https://www.exploit-db.com/exploits/24401/

  • [ ] Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass https://www.exploit-db.com/exploits/24402/

  • [ ] Linksys Web Camera Software 2.10 - Next_file Parameter File Disclosure https://www.exploit-db.com/exploits/24175/

  • [ ] Axis Network Camera 2.x - HTTP Authentication Bypass https://www.exploit-db.com/exploits/22626/

Client side exploits

  • [ ] MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin) https://www.exploit-db.com/exploits/39641/

  • [ ] FlexWATCH Network Camera - Cross-Site Scripting https://www.exploit-db.com/exploits/28205/

  • [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - help Script Cross-Site Scripting https://www.exploit-db.com/exploits/27892/

  • [ ] FlexWATCH Network Camera - Cross-Site Scripting https://www.exploit-db.com/exploits/28205/

  • [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - eventplayer get_image_info_abspath Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/27894/

  • [ ] obotix IP Camera M1 1.9.4 .7/M10 2.0.5.2 - events.tar source_ip Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/27893/

  • [ ] Linksys Web Camera Software 2.10 - Next_file Parameter Cross-Site Scripting https://www.exploit-db.com/exploits/24197/

  • [ ] Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery https://www.exploit-db.com/exploits/30585/

  • [ ] Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/pwdgrp.cgi Multiple Parameter Cross-Site Request Forgery https://www.exploit-db.com/exploits/30586/

  • [ ] Axis Communications 207W Network Camera - Web Interface admin/restartMessage.shtml server Parameter Cross-Site Request Forgery https://www.exploit-db.com/exploits/30587/

  • [ ] Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting https://www.exploit-db.com/exploits/6710/

  • [ ] Axis M10 Series Network Cameras - Cross-Site Scripting https://www.exploit-db.com/exploits/36428/

  • [ ] Grandstream Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38584/

  • [ ] Brickcom Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38582/

  • [ ] Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38583/

  • [ ] Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery https://www.exploit-db.com/exploits/30914/

  • [ ] Multiple Foscam IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38437/

  • [ ] Grandstream Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38584/

  • [ ] Brickcom Multiple IP Cameras - Cross-Site Request Forgery https://www.exploit-db.com/exploits/38582/

  • [ ] Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities https://www.exploit-db.com/exploits/38583/

  • [ ] Conceptronic Wireless Pan & Tilt Network Camera - Cross-Site Request Forgery https://www.exploit-db.com/exploits/30914/

Denial of Service

  • [ ] Camtron CMNC-200 IP Camera - Denial of Service https://www.exploit-db.com/exploits/15508/

  • [ ] ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service https://www.exploit-db.com/exploits/9067/

  • [ ] SunellSecurity NVR / Camera - Denial of Service https://www.exploit-db.com/exploits/40687/

lucyoa avatar Apr 24 '17 10:04 lucyoa

I am looking for firmware to download and perform some tests. Where can i find these firmwares?

Thanks

busyb0x avatar Jul 16 '17 01:07 busyb0x

On vendors websites I guess :-)

0BuRner avatar Jul 16 '17 03:07 0BuRner

thanks

gadoi avatar Mar 30 '18 15:03 gadoi