"Ichano AtHome IP Cameras - Multiple Vulnerabilities"

Author

Exploit author

SecuriTeam

Platform

Exploit platform

hardware

Release date

Exploit published date

2017-12-19

                
                         Download file
                    
## Vulnerabilities Summary
The following advisory describes three (3) vulnerabilities found in Ichano IP Cameras.

AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into a professional video monitoring system in a minute.”

The vulnerabilities found are:

Hard-coded username and password – telnet
Hard-coded username and password – Web server
Unauthenticated Remote Code Execution

## Credit
An independent security researcher, Tim Carrington, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

## Vendor response
We tried to contact Ichano since November 21st 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

CVE: CVE-2017-17761

## Vulnerabilities details

Hard-coded username and password – telnet
The device runs a telnet server at startup with a default password of 123.

Hard-coded username and password – Web server
In /app/www/doc/script/login.js, in the function DoLogin(), client side validation is used to login a user:

```
if($("#UserName").val()=="super_yg"){jumpPage();return}
```

A user can login with these credentials and can then take control of the device over http:

Unauthenticated Remote Code Execution
The device runs “noodles” binary – a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands.

The binary has a set of commands he can run – if a user will use the following “protocol”, command to be run is enclosed like html tags, i.e. <system>id</system>, a successful execution results in <system_ack>ok</system_ack>.

Release Date	Title	Type	Platform	Author
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"DotCMS 20.11 - Stored Cross-Site Scripting"	webapps	multiple	"Hardik Solanki"
2020-12-02	"NewsLister - Authenticated Persistent Cross-Site Scripting"	webapps	multiple	"Emre Aslan"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile"	webapps	multiple	"Shahrukh Iqbal Mirza"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"

Release Date	Title	Type	Platform	Author
2020-11-30	"Intelbras Router RF 301K 1.1.2 - Authentication Bypass"	webapps	hardware	"Kaio Amaral"
2020-11-30	"ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure"	webapps	hardware	"Zagros Bingol"
2020-11-27	"Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution"	webapps	hardware	"Emre SUREN"
2020-11-24	"Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)"	webapps	hardware	maj0rmil4d
2020-11-23	"TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass"	webapps	hardware	malwrforensics
2020-11-19	"Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure"	remote	hardware	"Nitesh Surana"
2020-11-19	"Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification"	webapps	hardware	"Ricardo Longatto"
2020-11-16	"Cisco 7937G - DoS/Privilege Escalation"	remote	hardware	"Cody Martin"
2020-11-13	"ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)"	webapps	hardware	b1ack0wl
2020-11-13	"Citrix ADC NetScaler - Local File Inclusion (Metasploit)"	webapps	hardware	"RAMELLA Sebastien"

Release Date	Title	Type	Platform	Author
2018-10-04	"Cisco Prime Infrastructure - Unauthenticated Remote Code Execution"	remote	multiple	SecuriTeam
2018-04-30	"Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free"	dos	linux	SecuriTeam
2018-01-30	"Hotspot Shield - Information Disclosure"	local	windows	SecuriTeam
2018-01-29	"iBall WRA150N - Multiple Vulnerabilities"	webapps	hardware	SecuriTeam
2018-01-24	"Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - Guest to Host Escape"	local	multiple	SecuriTeam
2018-01-15	"GitStack - Remote Code Execution"	webapps	php	SecuriTeam
2018-01-11	"Seagate Personal Cloud - Multiple Vulnerabilities"	remote	hardware	SecuriTeam
2017-12-26	"Trustwave SWG 11.8.0.27 - SSH Unauthorized Access"	remote	linux	SecuriTeam
2017-12-19	"Ichano AtHome IP Cameras - Multiple Vulnerabilities"	remote	hardware	SecuriTeam
2017-12-13	"vBulletin 5 - 'cacheTemplates' Remote Arbitrary File Deletion"	webapps	multiple	SecuriTeam
2017-12-13	"vBulletin 5 - 'routestring' Remote Code Execution"	webapps	multiple	SecuriTeam
2017-12-06	"Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution"	webapps	hardware	SecuriTeam
2017-11-28	"Synology StorageManager 5.2 - Root Remote Command Execution"	webapps	cgi	SecuriTeam
2017-11-23	"Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation"	local	linux	SecuriTeam
2017-11-21	"DblTek - Multiple Vulnerabilities"	webapps	linux	SecuriTeam
2017-11-07	"Ametys CMS 4.0.2 - Password Reset"	webapps	php	SecuriTeam
2017-11-03	"GraphicsMagick - Memory Disclosure / Heap Overflow"	dos	multiple	SecuriTeam
2017-11-01	"Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution"	remote	linux	SecuriTeam
2017-10-23	"K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read"	dos	windows	SecuriTeam
2017-10-17	"Linux Kernel - 'AF_PACKET' Use-After-Free"	dos	linux	SecuriTeam
2017-10-17	"Linux Kernel - 'AF_PACKET' Use-After-Free"	dos	linux	SecuriTeam
2017-10-16	"Ikraus Anti Virus 2.16.7 - Remote Code Execution"	remote	windows	SecuriTeam
2017-10-13	"FiberHome - Directory Traversal"	webapps	linux	SecuriTeam
2017-10-09	"QNAP HelpDesk < 1.1.12 - SQL Injection"	webapps	php	SecuriTeam
2017-10-09	"PHP Melody 2.7.3 - Multiple Vulnerabilities"	webapps	php	SecuriTeam
2017-09-11	"Hanbanggaoke IP Camera - Arbitrary Password Change"	webapps	hardware	SecuriTeam
2017-09-07	"McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution"	webapps	hardware	SecuriTeam
2017-08-30	"Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service"	dos	php	SecuriTeam
2017-08-03	"Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure"	webapps	hardware	SecuriTeam
2017-08-03	"Horde Groupware 5.2.21 - Unauthorized File Download"	webapps	php	SecuriTeam

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"Ichano AtHome IP Cameras - Multiple Vulnerabilities"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.