Search for hundreds of thousands of exploits

"CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities"

Author

Exploit author

"Alex Akinbi"

Platform

Exploit platform

hardware

Release date

Exploit published date

2019-06-17

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
1. Advisory Information
========================================
Title: Clever Dog Smart Camera
Vendor Homepage: http://www.cleverdog.com.cn/
Tested on Camera types	: DOG-2W, DOG-2W-V4
Vulnerability: Hardware- Multiple Vulnerabilities
Date: 14/06/2019
Author: Alex Akinbi      Twitter: @alexakinbi 

1. Unauthenticated file disclosure:
========================================
An attacker on the local network has unauthenticated access to the internal SD card via HTTP service on port 8000. The HTTP web server on the camera allows an attacker to download video archive recorded and saved on the external memory card attached. 
For example: http://192.168.1.81:8000/20190606

2. Telnet Backdoor using default credentials:
========================================
An attacker on the network can login remotely to the camera and gain root access. The device ships with hard-coded credentials, accessible from a telnet login prompt using credentials username: " root" and password: "12345678". These credentials work on all devices.

3. Login password sent over network unencrypted using Clever Dog App:
========================================
Using a packet sniffer, an attacker on the same network can capture data packets and view
captured user login password MD5 hash. A weak password can be cracked and used to login to the user account.


4. SOLUTION
========================================
Contact the vendor for further information regarding the proper mitigation of this vulnerability.
Release DateTitleTypePlatformAuthor
2020-07-08"SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)"webappshardware"Metin Yunus Kandemir"
2020-07-08"BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)"webappshardware"William Summerhill"
2020-07-07"Sickbeard 0.1 - Remote Command Injection"webappshardwarebdrake
2020-06-25"mySCADA myPRO 7 - Hardcoded Credentials"remotehardware"Emre Γ–VÜNΓ‡"
2020-06-15"Netgear R7000 Router - Remote Code Execution"webappshardwaregrimm-co
2020-06-08"Kyocera Printer d-COPIA253MF - Directory Traversal (PoC)"webappshardware"Hakan Eren ŞAN"
2020-06-04"Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read"webappshardwareLiquidWorm
2020-06-04"AirControl 1.4.2 - PreAuth Remote Code Execution"webappshardware0xd0ff9
2020-06-04"D-Link DIR-615 T1 20.10 - CAPTCHA Bypass"webappshardware"huzaifa hussain"
2020-06-04"SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)"webappshardwareLiquidWorm
Release DateTitleTypePlatformAuthor
2019-06-17"CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities"webappshardware"Alex Akinbi"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46993/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.