vendor:
NFC-30IR Network Cameras
by:
Bitcrack Cyber Security - BitLabs Advisory
8,8
CVSS
HIGH
Local File Inclusion (LFI)(Authenticated) & Hardcoded Manufacturer Backdoor
434
CWE
Product Name: NFC-30IR Network Cameras
Affected Version From: Intellinet NFC-30IR Camera with firmware version LM.1.6.16.05
Affected Version To: Intellinet NFC-30IR Camera with firmware version LM.1.6.16.05
Patch Exists: Yes
Related CWE: CVE-2017-7461 and CVE-2017-7462
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017
Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras
We found two vulnerabilities affecting the Intellinet NFC-30IR Camera with firmware version LM.1.6.16.05. Once authenticated as admin:admin, you can read local files by requesting the '/cgi-bin/admin/fileread?READ.filePath=<insert here>'. There is no sanitization nor lock-down of what paths that script can read, hence all files can be viewed. Interesting files to request are; /etc/passwd; /etc/boa.conf and more. A manufacturer backdoor exists that allows one to access a script called '/cgi-bin/mft/manufacture' by authenticating as manufacture:erutcafunam.
Mitigation:
Update to the latest firmware version.
