CVE-2020-25749 PoC — Logic-handling vulnerability in multiple Rubetek products

Source
Associated Vulnerability
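Title: Logic-handling vulnerability in multiple Rubetek products (CVE-2020-25749)
Description: Rubetek cameras RV-3406 and related models are products of the Russian company Rubetek. Rubetek cameras RV-3406 is a camera. Rubetek cameras RV-3409 is a video camera. Rubetek cameras RV-3411 is a video camera. A security vulnerability exists in the Telnet service of Rubetek cameras; an attacker can exploit it to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled, and this password cannot be changed via standard functionality. The following versions and products are affected: RV-3406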
Description
CVE-2020-25749
Readme
## CVE-2020-25749

[Suggested description]
The Telnet service of Rubetek RV-3406,
RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote
attacker to take full control of the device with a high-privileged
account. The vulnerability exists because a system account has a
default and static password. The Telnet service cannot be disabled and this
password cannot be changed via standard functionality.
------------------------------------------
[Additional Information]
A letter was sent to the vendor about the vulnerability.
------------------------------------------
[VulnerabilityType Other]
CWE-798: Use of Hard-coded Credentials
------------------------------------------
[Vendor of Product]
Rubetek (https://rubetek.com/)
------------------------------------------
[Affected Product Code Base]
Camera RV-3406 - Firmware version 339 and 342 are affected. There are no fixed versions
Camera RV-3409 - Firmware version 339 and 342 are affected. There are no fixed versions
Camera RV-3411 - Firmware version 339 and 342 are affected. There are no fixed versions
------------------------------------------
[Affected Component]
Telnet service
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Anyone with network access to the cameras can connect to the Telnet service with a telnet client, log in with the default password, and get a shell with root privileges.
------------------------------------------
[Discoverer]
Sergey Zelensky (Jet Infosystems, jet.su)
------------------------------------------
[Reference]
https://jet.su
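
The following Python is an added example, not part of the original README or any vendor code. Because the advisory lists no fixed firmware and says Telnet cannot be disabled, it matches an asset inventory against the affected models and firmware versions above and flags TCP/23 flows to those cameras. The inventory, flow records, IP addresses, CSV column names and the `camera_net` parameter are constructed assumptions.

```python
import csv
import io
import ipaddress

# Models and firmware versions listed as affected in the advisory above.
AFFECTED_MODELS = {"RV-3406", "RV-3409", "RV-3411"}
AFFECTED_FIRMWARE = {"339", "342"}

# Constructed sample data (not from the advisory): asset inventory and flow records.
INVENTORY_CSV = """ip,model,firmware
10.20.0.11,RV-3406,v342
10.20.0.12,rv-3411,339
10.20.0.13,RV-3409,301
10.20.0.14,RV-3100,342
"""
FLOWS_CSV = """src,dst,proto,dport
10.20.0.5,10.20.0.11,tcp,23
192.168.7.40,10.20.0.12,tcp,23
192.168.7.40,10.20.0.12,tcp,554
192.168.7.40,10.20.0.13,tcp,23
"""

def is_affected(model, firmware):
    """Match the advisory's scope; firmware is written both as 'v342' and '342'."""
    version = firmware.strip().lower().lstrip("v")
    return model.strip().upper() in AFFECTED_MODELS and version in AFFECTED_FIRMWARE

def affected_hosts(inventory_csv):
    """Return the set of inventory IPs whose model and firmware are in scope."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["ip"] for r in rows if is_affected(r["model"], r["firmware"])}

def telnet_findings(inventory_csv, flows_csv, camera_net):
    """Return (src, dst, severity) for every TCP/23 flow to an affected camera."""
    targets = affected_hosts(inventory_csv)
    net = ipaddress.ip_network(camera_net)
    findings = []
    for f in csv.DictReader(io.StringIO(flows_csv)):
        if f["proto"] != "tcp" or f["dport"] != "23" or f["dst"] not in targets:
            continue
        # Any Telnet session to these devices deserves review; a source outside
        # the camera segment also shows the segment is not isolated.
        inside = ipaddress.ip_address(f["src"]) in net
        findings.append((f["src"], f["dst"], "review" if inside else "high"))
    return findings

if __name__ == "__main__":
    for finding in telnet_findings(INVENTORY_CSV, FLOWS_CSV, "10.20.0.0/24"):
        print(finding)
```

Only the firmware versions the advisory names are matched, so a camera of an affected model with a different or unrecorded firmware value is not flagged and should be verified separately.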
File Snapshot

[4.0K] /data/pocs/4adea0b50aa7cc90b141706ebcb37c19459eaf05
└── [1.9K] README.md

0 directories, 1 file