Vulnerabilites related to zivif - pr115-204-p-rs
Vulnerability from fkie_nvd
Published
2017-12-19 02:29
Modified
2025-04-20 01:37
Severity ?
Summary
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Dec/42 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/silascutler/status/938052460328968192 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Dec/42 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/silascutler/status/938052460328968192 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zivif | pr115-204-p-rs_firmware | 2.3.4.2103 | |
| zivif | pr115-204-p-rs | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA8E02-9468-44CB-B5AF-FDD1D38229F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1E6678-0AB9-4E39-81C9-87A7EE4599E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system\u0027s setup renders this password unchangeable and it can be used to access the device via a TELNET session."
},
{
"lang": "es",
"value": "Las c\u00e1maras web PR115-204-P-RS V2.3.4.2103 de Zivif contiene una contrase\u00f1a cat1029 embebida para el usuario root. La configuraci\u00f3n del sistema operativo SONIX hace que esta contrase\u00f1a no se pueda cambiar y que se pueda utilizar para acceder al dispositivo mediante una sesi\u00f3n TELNET."
}
],
"id": "CVE-2017-17107",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-19T02:29:41.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-19 02:29
Modified
2025-04-20 01:37
Severity ?
Summary
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Dec/42 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/silascutler/status/938052460328968192 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Dec/42 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/silascutler/status/938052460328968192 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zivif | pr115-204-p-rs_firmware | 2.3.4.2103 | |
| zivif | pr115-204-p-rs | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA8E02-9468-44CB-B5AF-FDD1D38229F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1E6678-0AB9-4E39-81C9-87A7EE4599E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede obtener las credenciales para las c\u00e1maras web PR115-204-P-RS V2.3.4.2103 de Zivif mediante el uso de una petici\u00f3n HTTP /cgi-bin/hi3510/param.cgi?cmd=getuse en una web est\u00e1ndar. Esta vulnerabilidad existe porque faltan chequeos de autenticaci\u00f3n en las peticiones a las p\u00e1ginas CGI."
}
],
"id": "CVE-2017-17106",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-19T02:29:41.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-19 02:29
Modified
2025-04-20 01:37
Severity ?
Summary
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zivif | pr115-204-p-rs_firmware | 2.3.4.2103 | |
| zivif | pr115-204-p-rs_firmware | 4.7.4.2121 | |
| zivif | pr115-204-p-rs | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:2.3.4.2103:*:*:*:*:*:*:*",
"matchCriteriaId": "FCAA8E02-9468-44CB-B5AF-FDD1D38229F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zivif:pr115-204-p-rs_firmware:4.7.4.2121:*:*:*:*:*:*:*",
"matchCriteriaId": "8A56966F-BFBF-4B84-A251-919CCB9F8897",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zivif:pr115-204-p-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC1E6678-0AB9-4E39-81C9-87A7EE4599E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request."
},
{
"lang": "es",
"value": "Las c\u00e1maras web Zivif PR115-204-P-RS versi\u00f3n V2.3.4.2103 y versi\u00f3n V4.7.4.2121 (y posiblemente entre las versiones intermedias) son vulnerables a la inyecci\u00f3n de comandos ciegos y sin autenticaci\u00f3n por medio de scripts CGI utilizados como parte de la interfaz web, demostrado por una petici\u00f3n.cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot)."
}
],
"id": "CVE-2017-17105",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-19T02:29:41.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201712-0828
Vulnerability from variot
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. Zivif Web The camera contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the ZivifPR115-204-P-RS2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attack vector: Remote
Authentication: None
Researcher: Silas Cutler p1nk silas.cutler@blacklistthisdomain.com
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103
Timeline: 1 September 2017: Initial alerting to Zivif 1 September 2017: Zivif contact established. 3 September 2017: Details provided. 7 September 2017: Confirmation of vulnerabilities from Zivif 5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. 10 December 2017: This email
-[Overview]- Implementation of access controls is Zivif cameras is severely lacking. As a result, CGI functions can be called directly, bypassing authentication checks.
This was first identified with the following request (CVE-2017-17106) http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this with:
var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0 Credentials are returned in cleartext to the requester.
One last findings was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107): root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
The encrypted password is cat1029.
(none) login: root Password: Login incorrect (none) login: root Password: Welcome to SONIX. \u@\h:\W$ Because of the way the file system is structured, changing this password requires more work then running passwd.
-[Note]- The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has lead me to speculate parts of this firmware may be shared with other cameras.
-Silas
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 3.0,
"vendor": "zivif",
"version": "2.3.4.2103"
},
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 1.0,
"vendor": "zivif",
"version": "4.7.4.2121"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zivif:pr115-204-p-rs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silas Cutler",
"sources": [
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.7
},
"cve": "CVE-2017-17105",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17105",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01360",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-108094",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17105",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17105",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-17105",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-01360",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-147",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108094",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-17105",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request. Zivif Web The camera contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. A remote command injection vulnerability exists in the ZivifPR115-204-P-RS2.3.4.2103 release. A remote attacker can exploit this vulnerability to inject arbitrary commands. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \nAs a result, CGI functions can be called directly, bypassing\nauthentication checks. \n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring. The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-108094",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108094"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17105",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "145386",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "158120",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01360",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020060066",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108094",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17105",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"id": "VAR-201712-0828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
}
]
},
"last_update_date": "2024-11-23T21:53:31.641000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://zivif.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.8,
"url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
},
{
"trust": 2.6,
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/158120/zivif-camera-2.3.4.2103-iptest.cgi-blind-remote-command-execution.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2017/dec/42"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17105"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020060066"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://\u003ccamera"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"db": "VULHUB",
"id": "VHN-108094"
},
{
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-108094"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"date": "2017-12-13T16:50:24",
"db": "PACKETSTORM",
"id": "145386"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"date": "2017-12-19T02:29:41.550000",
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01360"
},
{
"date": "2020-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108094"
},
{
"date": "2020-06-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17105"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011810"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-147"
},
{
"date": "2024-11-21T03:17:29.930000",
"db": "NVD",
"id": "CVE-2017-17105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif Web Command injection vulnerability in camera",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-147"
}
],
"trust": 0.6
}
}
var-201712-0829
Vulnerability from variot
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Zivif Web The camera contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote
Authentication: None
Researcher: Silas Cutler p1nk silas.cutler@blacklistthisdomain.com
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103
Timeline: 1 September 2017: Initial alerting to Zivif 1 September 2017: Zivif contact established. 3 September 2017: Details provided. 7 September 2017: Confirmation of vulnerabilities from Zivif 5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. 10 December 2017: This email
-[Overview]- Implementation of access controls is Zivif cameras is severely lacking.
This was first identified with the following request (CVE-2017-17106) http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this with:
var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0 Credentials are returned in cleartext to the requester.
In exploring, unauthenticated remote command injection is possible using (CVE-2017-17105) http:///cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)
Command results are not returned, however are executed by the system.
One last findings was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107): root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
The encrypted password is cat1029.
(none) login: root Password: Login incorrect (none) login: root Password: Welcome to SONIX. \u@\h:\W$ Because of the way the file system is structured, changing this password requires more work then running passwd.
-[Note]- The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has lead me to speculate parts of this firmware may be shared with other cameras.
-Silas
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0829",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 3.0,
"vendor": "zivif",
"version": "2.3.4.2103"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zivif:pr115-204-p-rs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silas Cutler",
"sources": [
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 0.1
},
"cve": "CVE-2017-17106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17106",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01359",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-108095",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17106",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17106",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-17106",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-01359",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-146",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108095",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-17106",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. Zivif Web The camera contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nIn exploring, unauthenticated remote command injection is possible using\n(CVE-2017-17105)\nhttp://\u003cCamera\nIP\u003e/cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot)\n\nCommand results are not returned, however are executed by the system. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring. The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17106",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "145386",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01359",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108095",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17106",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"id": "VAR-201712-0829",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
}
]
},
"last_update_date": "2024-11-23T21:53:31.603000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://zivif.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
},
{
"trust": 2.6,
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2017/dec/42"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17106"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://\u003ccamera"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"db": "VULHUB",
"id": "VHN-108095"
},
{
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-108095"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"date": "2017-12-13T16:50:24",
"db": "PACKETSTORM",
"id": "145386"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"date": "2017-12-19T02:29:41.597000",
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01359"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108095"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17106"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011811"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-146"
},
{
"date": "2024-11-21T03:17:30.087000",
"db": "NVD",
"id": "CVE-2017-17106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif Web Vulnerabilities related to certificate / password management in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011811"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-146"
}
],
"trust": 0.6
}
}
var-201712-0830
Vulnerability from variot
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. Zivif Web The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote
Authentication: None
Researcher: Silas Cutler p1nk silas.cutler@blacklistthisdomain.com
Release date: December 10, 2017
Full Disclosure: 90 days
CVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107
Vulnerable Device: Zivif PR115-204-P-RS
Version: V2.3.4.2103
Timeline: 1 September 2017: Initial alerting to Zivif 1 September 2017: Zivif contact established. 3 September 2017: Details provided. 7 September 2017: Confirmation of vulnerabilities from Zivif 5 December 2017: Public note on Social Media CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. 10 December 2017: This email
-[Overview]- Implementation of access controls is Zivif cameras is severely lacking. As a result, CGI functions can be called directly, bypassing authentication checks.
This was first identified with the following request (CVE-2017-17106) http:///web/cgi-bin/hi3510/param.cgi?cmd=getuser Cameras respond to this with:
var name0="admin"; var password0="admin"; var authLevel0="255"; var name1="guest"; var password1="guest"; var authLevel1="3"; var name2="admin2"; var password2="admin"; var authLevel2="3"; var name3=""; var password3=""; var authLevel3="3"; var name4=""; var password4=""; var authLevel4="3"; var name5=""; var password5=""; var authLevel5="3"; var name6=""; var password6=""; var authLevel6="3"; var name7=""; var password7=""; var authLevel7="3"; var name8=""; var password8=""; var authLevel8="0"; var name9=""; var password9=""; var authLevel9="0 Credentials are returned in cleartext to the requester.
In exploring, unauthenticated remote command injection is possible using (CVE-2017-17105) http:///cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot)
Command results are not returned, however are executed by the system.
One last findings was the /etc/passwd file contains the following hard-coded entry (CVE-2017-17107): root:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh
The encrypted password is cat1029.
(none) login: root Password: Login incorrect (none) login: root Password: Welcome to SONIX. \u@\h:\W$ Because of the way the file system is structured, changing this password requires more work then running passwd.
-[Note]- The hi3510 is shared with a couple other cameras I'm exploring. The motd saying /Welcome to SONIX/ has lead me to speculate parts of this firmware may be shared with other cameras.
-Silas
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0830",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pr115-204-p-rs",
"scope": "eq",
"trust": 3.0,
"vendor": "zivif",
"version": "2.3.4.2103"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zivif:pr115-204-p-rs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silas Cutler",
"sources": [
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 0.1
},
"cve": "CVE-2017-17107",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17107",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01358",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-108096",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17107",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17107",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-17107",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-01358",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-145",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-108096",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-17107",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system\u0027s setup renders this password unchangeable and it can be used to access the device via a TELNET session. Zivif Web The camera contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZivifPR115-204-P-RS is a network camera device. Attack vector: Remote\nAuthentication: None\nResearcher: Silas Cutler `p1nk` \u003csilas.cutler@blacklistthisdomain.com\u003e\nRelease date: December 10, 2017\nFull Disclosure: 90 days\nCVEs: CVE-2017-17105, CVE-2017-17106, and CVE-2017-17107\nVulnerable Device: Zivif PR115-204-P-RS\nVersion: V2.3.4.2103\n\n\nTimeline:\n1 September 2017: Initial alerting to Zivif\n1 September 2017: Zivif contact established. \n3 September 2017: Details provided. \n7 September 2017: Confirmation of vulnerabilities from Zivif\n5 December 2017: Public note on Social Media CVE-2017-17105,\nCVE-2017-17106, and CVE-2017-17107 would be included in HackerStrip comic. \n10 December 2017: This email\n\n\n-[Overview]-\nImplementation of access controls is Zivif cameras is severely lacking. \nAs a result, CGI functions can be called directly, bypassing\nauthentication checks. \n\nThis was first identified with the following request (CVE-2017-17106)\nhttp://\u003cCamera Address\u003e/web/cgi-bin/hi3510/param.cgi?cmd=getuser\nCameras respond to this with:\n\nvar name0=\"admin\"; var password0=\"admin\"; var authLevel0=\"255\"; var\nname1=\"guest\"; var password1=\"guest\"; var authLevel1=\"3\"; var\nname2=\"admin2\"; var password2=\"admin\"; var authLevel2=\"3\"; var name3=\"\";\nvar password3=\"\"; var authLevel3=\"3\"; var name4=\"\"; var password4=\"\";\nvar authLevel4=\"3\"; var name5=\"\"; var password5=\"\"; var authLevel5=\"3\";\nvar name6=\"\"; var password6=\"\"; var authLevel6=\"3\"; var name7=\"\"; var\npassword7=\"\"; var authLevel7=\"3\"; var name8=\"\"; var password8=\"\"; var\nauthLevel8=\"0\"; var name9=\"\"; var password9=\"\"; var authLevel9=\"0\nCredentials are returned in cleartext to the requester. \n\nIn exploring, unauthenticated remote command injection is possible using\n(CVE-2017-17105)\nhttp://\u003cCamera\nIP\u003e/cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot)\n\nCommand results are not returned, however are executed by the system. \n\nOne last findings was the /etc/passwd file contains the following\nhard-coded entry (CVE-2017-17107):\nroot:$1$xFoO/s3I$zRQPwLG2yX1biU31a2wxN/:0:0::/root:/bin/sh\n\nThe encrypted password is cat1029. \n\n(none) login: root\nPassword:\nLogin incorrect\n(none) login: root\nPassword:\nWelcome to SONIX. \n\\u@\\h:\\W$\nBecause of the way the file system is structured, changing this password\nrequires more work then running passwd. \n\n-[Note]-\nThe hi3510 is shared with a couple other cameras I\u0027m exploring. The\nmotd saying /Welcome to SONIX/ has lead me to speculate parts of this\nfirmware may be shared with other cameras. \n\n\n\n-Silas\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "PACKETSTORM",
"id": "145386"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "145386",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2017-17107",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01358",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108096",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17107",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"id": "VAR-201712-0830",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
}
]
},
"last_update_date": "2024-11-23T21:53:31.681000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://zivif.com/"
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://packetstormsecurity.com/files/145386/zivif-pr115-204-p-rs-2.3.4.2103-bypass-command-injection-hardcoded-password.html"
},
{
"trust": 2.6,
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2017/dec/42"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17107"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17107"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://\u003ccamera"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"db": "VULHUB",
"id": "VHN-108096"
},
{
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"db": "PACKETSTORM",
"id": "145386"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-108096"
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"date": "2017-12-13T16:50:24",
"db": "PACKETSTORM",
"id": "145386"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"date": "2017-12-19T02:29:41.643000",
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01358"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-108096"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17107"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011812"
},
{
"date": "2017-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-145"
},
{
"date": "2024-11-21T03:17:30.233000",
"db": "NVD",
"id": "CVE-2017-17107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zivif Web Vulnerabilities related to the use of hard-coded credentials in cameras",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-145"
}
],
"trust": 0.6
}
}
CVE-2017-17105 (GCVE-0-2017-17105)
Vulnerability from cvelistv5
Published
2017-12-18 17:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/silascutler/status/938052460328968192 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Dec/42 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T21:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi\u0026-time=\"1504225666237\"\u0026-url=$(reboot) request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
},
{
"name": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158120/Zivif-Camera-2.3.4.2103-iptest.cgi-Blind-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17105",
"datePublished": "2017-12-18T17:00:00",
"dateReserved": "2017-12-03T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17106 (GCVE-0-2017-17106)
Vulnerability from cvelistv5
Published
2017-12-18 17:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/silascutler/status/938052460328968192 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Dec/42 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17106",
"datePublished": "2017-12-18T17:00:00",
"dateReserved": "2017-12-03T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17107 (GCVE-0-2017-17107)
Vulnerability from cvelistv5
Published
2017-12-18 17:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://twitter.com/silascutler/status/938052460328968192 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2017/Dec/42 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system\u0027s setup renders this password unchangeable and it can be used to access the device via a TELNET session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system\u0027s setup renders this password unchangeable and it can be used to access the device via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/silascutler/status/938052460328968192",
"refsource": "MISC",
"url": "https://twitter.com/silascutler/status/938052460328968192"
},
{
"name": "20171212 Three exploits for Zivif Web Cameras (may impact others)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/42"
},
{
"name": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145386/Zivif-PR115-204-P-RS-2.3.4.2103-Bypass-Command-Injection-Hardcoded-Password.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17107",
"datePublished": "2017-12-18T17:00:00",
"dateReserved": "2017-12-03T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}