Web application abuses : AVTECH Devices Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.809067

Kategorie: Web application abuses

Titel: AVTECH Devices Multiple Vulnerabilities

Zusammenfassung: This host is installed with an; AVTECH device(IP camera/NVR/DVR) and is prone to multiple vulnerabilities.;; This vulnerability was known to be exploited by the IoT Botnet 'Reaper' in 2017.

Beschreibung: Summary:
This host is installed with an
AVTECH device(IP camera/NVR/DVR) and is prone to multiple vulnerabilities.

This vulnerability was known to be exploited by the IoT Botnet 'Reaper' in 2017.

Vulnerability Insight:
Multiple flaws are due to:

- HTTPS is used without certificate verification.

- Under the '/cgi-bin/nobody' folder every CGI script can be accessed
without authentication.

- The web interface does not use any CSRF protection.

- Every user password is stored in clear text.

- The cgi_query action in Search.cgi performs HTML requests with the wget
system command, which uses the received parameters without sanitization
or verification.

- The captcha verification is bypassed if the login requests contain the
login=quick parameter.

- No verification or white list-based checking of the parameter of the
DoShellCmd function in ActionD daemon in 'adcommand.cgi' script.

- The video player plugins are stored as .cab files in the web root, which can
be accessed and downloaded without authentication.

- The web server sends the file without processing it when a cab file is
requested.

- The devices that support the Avtech cloud contain CloudSetup.cgi, which can
be accessed after authentication.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary system commands with root privileges, to bypass
authentication, to access sensitive information and to conduct MITM attack.

Affected Software/OS:
Avtech device (IP camera, NVR, DVR) with
firmware version as mentioned in the referenced links.

Solution:
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
9.4

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:N

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.809067
Kategorie:	Web application abuses
Titel:	AVTECH Devices Multiple Vulnerabilities
Zusammenfassung:	This host is installed with an; AVTECH device(IP camera/NVR/DVR) and is prone to multiple vulnerabilities.;; This vulnerability was known to be exploited by the IoT Botnet 'Reaper' in 2017.
Beschreibung:	Summary: This host is installed with an AVTECH device(IP camera/NVR/DVR) and is prone to multiple vulnerabilities. This vulnerability was known to be exploited by the IoT Botnet 'Reaper' in 2017. Vulnerability Insight: Multiple flaws are due to: - HTTPS is used without certificate verification. - Under the '/cgi-bin/nobody' folder every CGI script can be accessed without authentication. - The web interface does not use any CSRF protection. - Every user password is stored in clear text. - The cgi_query action in Search.cgi performs HTML requests with the wget system command, which uses the received parameters without sanitization or verification. - The captcha verification is bypassed if the login requests contain the login=quick parameter. - No verification or white list-based checking of the parameter of the DoShellCmd function in ActionD daemon in 'adcommand.cgi' script. - The video player plugins are stored as .cab files in the web root, which can be accessed and downloaded without authentication. - The web server sends the file without processing it when a cab file is requested. - The devices that support the Avtech cloud contain CloudSetup.cgi, which can be accessed after authentication. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary system commands with root privileges, to bypass authentication, to access sensitive information and to conduct MITM attack. Affected Software/OS: Avtech device (IP camera, NVR, DVR) with firmware version as mentioned in the referenced links. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Copyright	Copyright (C) 2016 Greenbone Networks GmbH