header-logo
Suggest Exploit
vendor:
DVR IP Camera
by:
Meisam Monsef
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: DVR IP Camera
Affected Version From: All Versions
Affected Version To: All Versions
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Chrome
2015

Security IP Camera Star Vision DVR Authentication Bypass

The vulnerability allows an attacker to bypass authentication of the Star Vision DVR IP Camera. The attacker can open the Chrome browser, enter the IP address or domain to see the login screen of the camera, press the F12 key to open the browser console, click the Console tab and enter the code 'login_set(1,1,1,1);'. Then, the attacker can go to page view2.html and access the camera.

Mitigation:

The vendor should implement proper authentication mechanisms to prevent unauthorized access.
Source

Exploit-DB raw data:

# Exploit Title: Security IP Camera Star Vision DVR Authentication Bypass
# Date: 2015-08-13
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: #
# Version: All Versions

Exploit :
1 - First, open your Chrome browser
2 - Enter the IP address or domain to see the login screen of the camera
3 - Press the F12 key to open the browser console
4 - Click the Console tab and enter the following code
login_set(1,1,1,1);
5 - Now go to page view2.html
6 - enjoy seeing camera :)

Test : http://m.2.is/

Video Tutorial : http://s3.picofile.com/file/8206365584/cam.mp4.html

Navigation

Suggest Exploit

Services By CQR