- Configuration wanscam serial number
- Configuration wanscam update
- Configuration wanscam software
- Configuration wanscam code
lrwxrwxrwx 1 root 0 22 Oct 27 02:11 system.ini -> /system/www/system.ini
lrwxrwxrwx 1 root 0 22 Oct 27 02:11 system-b.ini -> /system/www/system.ini
lrwxrwxrwx 1 root 0 23 Oct 27 02:11 network.ini -> /system/www/network.ini
lrwxrwxrwx 1 root 0 23 Oct 27 02:11 network-b.ini -> /system/www/network.ini
lrwxrwxrwx 1 root 0 30 Oct 27 02:11 factoryparam.ini -> /system/param/factoryparam.ini
lrwxrwxrwx 1 root 0 25 Oct 27 02:11 factory.ini -> /system/param/factory.ini
Configuration wanscam update
Thus, these cameras are likely affected by a pre-auth RCE as root:
Update (Mar 16, 2017): Following the strong requests from a specific vendor,
It can be used to execute the RCE as root. My tests have shown that the InfoLeak affecting the custom HTTP server running on the camera affects at least 1250+ camera models. The vulnerabilities in the Cloud management affect a lot of P2P or "Cloud" cameras.
Configuration wanscam code
Wireless IP Camera (P2) WIFICAM is one of the branded cameras. So, cameras are sold under different names, brands and functions. The interface is different for each vendor but shares the same vulnerabilities. The OEM vendors used a custom version of GoAhead and added vulnerable code inside. GoAhead stated that GoAhead itself is not affected by the vulnerabilities but the OEM vendor who did the custom and specific development around GoAhead is responsible for the cause of vulnerabilities. Because of code reuse, the vulnerabilities are present in a huge list of cameras (especially the InfoLeak and the RCE).
Configuration wanscam software
It seems that a generic camera is being sold by a Chinese company in bulk (OEM) and the buyer companies resell them with custom software development and specific branding.
The Wireless IP Camera (P2P) WIFICAM is a Chinese web camera that allows remote streaming. The Wireless IP Camera (P2) WIFICAM is a camera overall badly designed with a lot of vulnerabilities. This camera is very similar to a lot of other Chinese cameras.
Then, the attacker can automatically brute-force the credentials of cameras.
Configuration wanscam serial number
TL;DR: by analysing the security of a camera, I found a pre-auth RCE as root against 1250 camera models. The "Cloud" protocol establishes clear-text UDP tunnels (in order to bypass NAT and firewalls) between an attacker and cameras by using only the serial number of the targeted camera.