Vendor: IP Camera
By: icekam, xiao13, Rainbow, tfsec
CVSS: 8,1 HIGH
Denial-of-Service (DoS)
CWE: 20
Product Name: IP Camera
Affected Version From: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
Affected Version To: Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, TN540
Patch Exists: YES
Related CWE: CVE-2021-40378
CPE: h:compro_technology:ip_camera
Metasploit: N/A
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=62383, https://www.infosecmatter.com/nessus-plugin-library/?id=137354, https://www.infosecmatter.com/nessus-plugin-library/?id=31619, https://www.infosecmatter.com/nessus-plugin-library/?id=29303, https://www.infosecmatter.com/nessus-plugin-library/?id=60375, https://www.infosecmatter.com/nessus-plugin-library/?id=29256, https://www.infosecmatter.com/nessus-plugin-library/?id=31837, https://www.infosecmatter.com/nessus-plugin-library/?id=37575, https://www.infosecmatter.com/nessus-plugin-library/?id=21101
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2021
Compro Technology IP Camera – ‘killps.cgi’ Denial-of-Service (DoS)
The device ships with a prefabricated backdoor at the path below. Accessing the file through the browser after logging in causes the device to delete all data (including the data of the camera itself).
Payload: after logging in, visit /cgi-bin/support/killps.cgi
Mitigation:
Restrict access to the killps.cgi page and ensure that only authorized users can access it.
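To check whether that restriction holds in practice, the following added example (not part of the original advisory or any vendor tooling) scans access logs for requests to the killps.cgi path and reports whether each one was blocked. It assumes a reverse proxy or gateway in front of the camera that writes common-log-format lines; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Path taken from the advisory; the log format and names below are assumptions.
BLOCKED_PATH = "/cgi-bin/support/killps.cgi"

# Common log format: src ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize(target: str) -> str:
    """Reduce a request target to a canonical lower-case path for matching."""
    path = urlsplit(target).path          # drop query string and fragment
    for _ in range(2):                    # decode twice to resolve double encoding
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path.replace("\\", "/"))
    # Lower-casing may over-match on a case-sensitive server; for alerting that is the safe side.
    return posixpath.normpath(path).lower()

def is_killps_request(target: str) -> bool:
    return normalize(target) == BLOCKED_PATH

def scan(lines):
    """Return (source, timestamp, status, target) for each request to the path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_killps_request(m["target"]):
            hits.append((m["src"], m["ts"], int(m["status"]), m["target"]))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Sep/2021:10:01:02 +0000] "GET /cgi-bin/view/index.cgi HTTP/1.1" 200 512',
    '192.0.2.44 - admin [12/Sep/2021:10:05:17 +0000] "GET /cgi-bin/support/killps.cgi HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Sep/2021:10:06:40 +0000] "GET /cgi-bin//support/%6Billps.cgi?x=1 HTTP/1.1" 403 0',
    '198.51.100.7 - - [12/Sep/2021:10:07:01 +0000] "GET /cgi-bin/support/../support/KILLPS.CGI HTTP/1.1" 403 0',
    '192.0.2.10 - admin [12/Sep/2021:10:09:30 +0000] "GET /docs/killps.cgi.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for src, ts, status, target in scan(SAMPLE_LOG):
        verdict = "REACHED DEVICE" if status < 400 else "blocked"
        print(f"{ts} {src} {status} {verdict}: {target}")
```

Any hit with a status below 400 means the request was passed through to the camera, so the access restriction is not effective for that source.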