Vendor: CMNC-200 IP Camera
By: No Author
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: CMNC-200 IP Camera
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: CVE-2010-4232
CPE: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Web Based Administration Interface Bypass
The CMNC-200 IP Camera has an administrative web interface that does not handle authentication properly. Using a properly formatted request, an attacker can bypass the authentication mechanism. The URL http://www.ipcamera.com/system.html requires authentication. When a second forward slash is placed after the hostname, as in http://www.ipcamera.com//system.html, authentication is not required. This vulnerability allows an attacker to take full control of the IP Camera.
Mitigation:
To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
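Detection example (added here, not part of the original advisory): since no patch exists, access logs from a proxy or gateway in front of the camera can be checked for request paths that begin with a doubled slash, and for cases where such a request succeeded on a page that otherwise answers 401. The Common Log Format input, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Common Log Format (assumed to come from a proxy
# or gateway in front of the camera); client addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /system.html HTTP/1.1" 401 0
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET //system.html HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET http://www.ipcamera.com//system.html HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 900
203.0.113.9 - - [01/Jan/2024:10:03:00 +0000] "GET //system.html HTTP/1.1" 401 0
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def request_path(target):
    """Return the raw path of a request target without normalising it."""
    # Absolute-form targets (seen in proxy logs) carry scheme and host.
    if re.match(r'^[A-Za-z][A-Za-z0-9+.-]*://', target):
        return urlsplit(target).path
    # Origin-form: do NOT pass to urlsplit, which would read "//x" as a host.
    return target.split("?", 1)[0]

def find_double_slash_requests(lines):
    """Flag requests whose path starts with '//' and note whether they
    succeeded on a path that answered 401 elsewhere in the same log."""
    parsed = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            client, _method, target, status = m.groups()
            parsed.append((client, request_path(target), int(status)))
    # Paths (leading slashes collapsed) that were answered with 401 at least once.
    protected = {"/" + p.lstrip("/") for _, p, s in parsed if s == 401}
    findings = []
    for client, path, status in parsed:
        if path.startswith("//"):
            normalized = "/" + path.lstrip("/")
            findings.append({
                "client": client, "path": path, "status": status,
                "auth_skipped": 200 <= status < 300 and normalized in protected,
            })
    return findings

if __name__ == "__main__":
    for finding in find_double_slash_requests(SAMPLE_LOG):
        print(finding)
```

A finding with auth_skipped set means the doubled-slash request returned a success status for a page that demanded credentials when requested normally, so that device should be treated as accessed without authentication.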