Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26417
HistoryMay 26, 2011 - 12:00 a.m.

Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others

2011-05-2600:00:00
vulners.com
34
JSON

-==Description==-
The RXS-3211 IP camera, among others, is vulnerable to remote password disclosure, which can
be exploited by an unauthenticated attacker with a single UDP packet. The problem exists in the
camera management protocol used by the devices, which sends the administrator password and
other configuration settings in cleartext following an unauthenticated request.

The following UDP payload, sent to port 13364 on a vulnerable device, can exploit the issue:

\xff\xff\xff\xff\xff\xff\x00\x06\xff\xf9

It is also possible to set configuration settings on the remote device with a single
unauthenticated request.

-==Mitigation==-
Block external access to UDP port 13364.

-==Disclosure==-
Contacted Rosewill, but received no response.

-==PoCs==-
http://spareclockcycles.org/downloads/code/rxs_3211_retrievepw.rb
http://spareclockcycles.org/downloads/code/rxs-3211-retrievepw.py
http://spareclockcycles.org/downloads/code/rxs-3211-changepw.py

-==Reference==-
http://spareclockcycles.org/2011/05/23/exploiting-an-ip-camera-control-protocol/

-==Affected Devices==-
http://spareclockcycles.org/downloads/ipcam_pass_disclosure_devices.txt

JSON