SSD Advisory – Vacron NVR Remote Command Execution
Credit to Author: SSD / Maor Schwartz| Date: Sun, 08 Oct 2017 06:49:20 +0000
Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
Vulnerability Summary
The following advisory describes a remote command execution vulnerability.
VACRON Specializing in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.”
Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
We tried to contact Vacron since September 5 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for the vulnerability.
Vulnerability details
User controlled input is not sufficiently sanitized when passed to board.cgi.
board.cgi receives a parameter as input. When we pass cmd as a parameter input, we will execute arbitrary commands.
Proof of Concept