Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29025
HistoryFeb 11, 2013 - 12:00 a.m.

CVE-2012-6451 Authentication Bypass in LOREX IP Cameras

2013-02-1100:00:00
vulners.com
146
JSON

Product: Lorex LNC116 and LNC104 IP Cameras
Vendor: LOREX Technology Inc.
Vulnerability Type: Authentication Bypass
Vulnerable Firmware Version(s): 030312 and earlier
Tested Firmware Version: 030312
Fixed Firmware Version: 030405
Solution Status: Fixed by Vendor
Vendor Notification: December 22, 2012
Public Disclosure: February 5, 2013
CVE Reference: CVE-2012-6451
Credit: Jason Doyle / Twitter @jasond0yle

Advisory Details:
The cameraโ€™s web interface uses HTTP Basic for authentication, but authentication details are only validated on the

home login page. By forced browsing, or navigating directly to any valid URL on the web interface other than the

homepage, it is possible to bypass authentication.

Risk:
It's possible to view the live video feed and/or change all configurable settings anonymously.

Proof of Concept:
Navigate directly to http://x.x.x.x/cgi-bin/display.cgi to view the cameraโ€™s live video feed anonymously.

Solution:
Upgrade to firmware version 030405.

Related

securityvulns 1
cve 1
zdt 1
prion 1
packetstorm 1
securityvulns
securityvulns
Lorex IP cameras authenticaiton bypass
2013-02-11 00:00:00
cve
cve
CVE-2012-6451
2020-01-24 15:15:00
zdt
zdt
Lorex LNC116 / LNC104 IP Camera Authentication Bypass Vulnerability
2013-02-06 00:00:00
prion
prion
Authentication flaw
2020-01-24 15:15:00
packetstorm
packetstorm
Lorex LNC116 / LNC104 IP Camera Authentication Bypass
2013-02-05 00:00:00
JSON
Related for SECURITYVULNS:DOC:29025
securityvulns1cve1zdt1prion1packetstorm1