![]() In the video, the flawed CGI script is exploited to make it point to an attacker's phishing URL that resembles the Foscam Web UI Login page. The following video demonstrates an attack scenario where a phishing page is injected using one of the discovered vulnerabilitiesĪ typical attack scenario for phishing a camera's login credentials would involve an HTTP request of the form: While a 20 character limit isn’t very useful as an exploit opportunity, 64 characters is large enough to allow the injection of something more effective onto the camera. The flaw exists in two CGI scripts on the camera that allow injection of code, one with a limit of 20 characters, and the other allowing 64 characters (except ', \, \n, \r) to be injected. ![]() The discovered flaw allows an attacker to inject code into certain pages, and to even upload an exploited version of its firmware with a back door enabled onto the vulnerable camera. ![]() During the investigation, Emanuele Cozzi of Eurecom found a flaw in the IP camera's file system UI (more specifically, in the CGI scripts). To do this, Fortinet, in collaboration with Eurecom, organized a student project. FOSCAM DEFAULT PASSWORD SERIALSummaryĪfter successfully gaining access to the File System on an IP Camera via a serial connection, as recorded in a previous post, the plan was to explore the File System for potential vulnerabilities. The following discovery is the product of one such student collaboration project. To highlight the value of such a program, the team at our French offices regularly collaborate with students who work with us on a range of security projects. In case you missed it, Fortinet recently introduced the Fortinet Network Security Academy (FNSA) with the objective of providing individuals with advanced cybersecurity skills in order to address the industry’s current skills shortage. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |