A number of vulnerabilities affect IP Enabled AirLive Cameras

A number of AirLive Cameras are affected by command injection vulnerabilities that could allow attackers to decode user credentials and control the devices.

A number of IP-enabled AirLive cameras manufactured by OvisLink Corp are affected by command injection vulnerabilities that could be exploited by attackers to decode user credentials and completely control the devices.

According to the experts at security firm Core Security, at least five different models of AirLive cameras are vulnerable. The following builds are at risk:

  • AirLive BU-2015 with firmware 1.03.18 16.06.2014
  • AirLive BU-3026 with firmware 1.43 21.08.2014
  • AirLive MD-3025 with firmware 1.81 21.08.2014
  • AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011
  • AirLive POE-200CAM v2 with firmware LM.1.6.17.01

a1

The researcher Nahuel Riva explained that the AirLive cameras MD-3025, BU-3026 and the BU-2015 are affected by a command injection vulnerability in the cgi_test.cgi binary file.

If the owner of the camera hasn’t changed the default configuration by forcing the use of HTTPs, the attackers can request the file without authentication by injecting arbitrary commands into the operating system. With such kind of attack hackers can access information managed by AirLive camera, including the MAC address, model, hardware and firmware version, along with aìother sensitive details.

“[CVE-2015-2279] There is an OS Command Injection in the cgi_test.cgi binary file in the AirLive MD-3025, BU-3026 and BU-2015 cameras when handling certain parameters. That specific CGI file can be requested without authentication, unless the user specified in the configuration of the camera that every communication should be performed over HTTPS (not enabled by default).

The vulnerable parameters are the following: write_mac, write_pid, write_msn, write_tan, write_hdv.” states the post.

The other two cameras, WL-2000CAM and POE-200CAM, also suffer similar flaws in CGI files that could allow to run a command injection flaw. Both models of AirLive cameras have hardcoded credentials that can be easily retrieved and decoded with this attack.

“[CVE-2014-8389] The AirLive WL-2000CAM anf POE-200CAM “/cgi-bin/mft/wireless_mft.cgi” binary file, has an OS command injection in the parameter ap that can be exploited using the hard-coded credentials the embedded Boa web server has inside its configuration file:

  • username: manufacture
  • password: erutcafunam

The following proof of concept copies the file where the user credentials are stored in the web server root directory:

<a href=”http://<Camera-IP>/cgi-bin/mft/wireless_mft?ap=testname;cp%20/var/www/secret.passwd%20/web/html/credentials”>http://<Camera-IP>/cgi-bin/mft/wireless_mft?ap=testname;cp%20/var/www/…</a>

Afterwards, the user credentials can be obtained by requesting:

<a href=”http://<Camera-IP>/credentials”>http://<Camera-IP>/credentials</a>

“I found these vulnerabilities by looking at the firmware,” Riva said Monday of her research, “I found that I could invoke some CGIs without authentication, and some backdoor accounts allowed me to execute arbitrary OS commands on the device.”

Core Security tried multiple times to get in touch with the manufacturer to fix the issues in the AirLive cameras, but never received a response.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X