Computer Security
[EN] securityvulns.ru no-pyccku


Camtron CMNC-200 camera multiple security vulnerabilities
Published:18.11.2010
Source:
SecurityVulns ID:11262
Type:remote
Threat Level:
5/10
Description:Buffer overflow in installable ActiveX component, directory traversal, backdoor accounts (m/merlin), unauthorized access, DoS.
Affected:CAMTRON : CMNC-200
CVE:CVE-2010-4244
 CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.)
 CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.)
 CVE-2010-4231 (Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.)
 CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.)
Original documentdocumentTrustwave Advisories, TWSL2010-006: Multiple Vulnerabilities in Camtron CMNC-200 IP Camera (18.11.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod