Menu

Search for hundreds of thousands of exploits

"CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities"

Author

"Alex Akinbi"

Platform

hardware

Release date

2019-06-17

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
1. Advisory Information
========================================
Title: Clever Dog Smart Camera
Vendor Homepage: http://www.cleverdog.com.cn/
Tested on Camera types	: DOG-2W, DOG-2W-V4
Vulnerability: Hardware- Multiple Vulnerabilities
Date: 14/06/2019
Author: Alex Akinbi      Twitter: @alexakinbi 

1. Unauthenticated file disclosure:
========================================
An attacker on the local network has unauthenticated access to the internal SD card via HTTP service on port 8000. The HTTP web server on the camera allows an attacker to download video archive recorded and saved on the external memory card attached. 
For example: http://192.168.1.81:8000/20190606

2. Telnet Backdoor using default credentials:
========================================
An attacker on the network can login remotely to the camera and gain root access. The device ships with hard-coded credentials, accessible from a telnet login prompt using credentials username: " root" and password: "12345678". These credentials work on all devices.

3. Login password sent over network unencrypted using Clever Dog App:
========================================
Using a packet sniffer, an attacker on the same network can capture data packets and view
captured user login password MD5 hash. A weak password can be cracked and used to login to the user account.


4. SOLUTION
========================================
Contact the vendor for further information regarding the proper mitigation of this vulnerability.
Release Date Title Type Platform Author
2019-09-16 "Inteno IOPSYS Gateway - Improper Access Restrictions" remote hardware "Gerard Fuguet"
2019-09-11 "eWON Flexy - Authentication Bypass" webapps hardware Photubias
2019-09-04 "DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting" webapps hardware "Adam Ziaja"
2019-09-03 "Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)" remote hardware Metasploit
2019-09-02 "IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read" remote hardware "Todor Donev"
2019-09-02 "Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection" remote hardware "Todor Donev"
2019-08-19 "FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure" webapps hardware "Carlos E. Vieira"
2019-08-19 "FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)" webapps hardware "Carlos E. Vieira"
2019-08-14 "D-Link DIR-600M - Authentication Bypass (Metasploit)" webapps hardware "Devendra Singh Solanki"
2019-08-12 "Cisco Adaptive Security Appliance - Path Traversal (Metasploit)" webapps hardware "Angelo Ruwantha"
2019-08-01 "Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery" webapps hardware "Alperen Soydan"
2019-07-30 "Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming" webapps hardware "Jacob Baines"
2019-07-24 "Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery" webapps hardware "Mehmet Onder"
2019-07-15 "CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities" webapps hardware Ramikan
2019-07-15 "NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass" webapps hardware Wadeek
2019-07-12 "Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting" webapps hardware ABDO10
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote Root Exploit" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote Command Injection" webapps hardware LiquidWorm
2019-07-01 "FaceSentry Access Control System 6.4.8 - Remote SSH Root" remote hardware LiquidWorm
2019-06-25 "Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution" webapps hardware XORcat
2019-06-25 "SAPIDO RB-1732 - Remote Command Execution" remote hardware k1nm3n.aotoi
2019-06-17 "CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities" webapps hardware "Alex Akinbi"
2019-06-06 "Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion" webapps hardware "Dhiraj Mishra"
2019-06-03 "AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control" webapps hardware Luca.Chiou
2019-06-04 "Cisco RV130W 1.0.3.44 - Remote Stack Overflow" remote hardware @0x00string
2019-06-04 "NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow" remote hardware @0x00string
2019-05-22 "Carel pCOWeb < B1.2.1 - Credentials Disclosure" webapps hardware Luca.Chiou
2019-05-22 "Carel pCOWeb < B1.2.1 - Cross-Site Scripting" webapps hardware Luca.Chiou
2019-05-22 "AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting" webapps hardware Luca.Chiou
Release Date Title Type Platform Author
2019-06-17 "CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities" webapps hardware "Alex Akinbi"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46993/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/46993/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46993/41413/cleverdog-smart-camera-dog-2w-dog-2w-v4-multiple-vulnerabilities/download/", "exploit_id": "46993", "exploit_description": "\"CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities\"", "exploit_date": "2019-06-17", "exploit_author": "\"Alex Akinbi\"", "exploit_type": "webapps", "exploit_platform": "hardware", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications including basic vulnerability identification.

Browse exploit APIBrowse