BEWARD N100 H.264 VGA IP Camera Arbitrary File Disclosure Scanner

Detects the 'Arbitrary File Disclosure' vulnerability in the BEWARD N100 H.264 VGA IP Camera, which affects v. M2.1.6.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 17 hours
Scan only one: URL
Toolbox: -

BEWARD N100 H.264 VGA IP Camera is widely used in security systems for monitoring and surveillance purposes. This compact color IP camera is commonly deployed in various environments including residential, commercial, and industrial settings. It is a sought-after device for its ability to connect to networks, providing a real-time video feed. Developed by BEWARD, the camera comes with features such as motion detection, night vision, and remote access. It caters to the needs of users who require reliable and continuous surveillance. Its design emphasizes functionality and ease of integration with existing security systems.

The security vulnerability detected in the BEWARD N100 H.264 VGA IP Camera is categorized as Arbitrary File Disclosure. This vulnerability arises when the camera's system fails to properly verify input parameters, which can be exploited to access sensitive files. The affected endpoint involves the READ.filePath parameter in the fileread script. The vulnerability enables unauthorized actors to read arbitrary files using absolute paths. It poses a significant risk to affected systems as critical information can be exposed.

The vulnerability in the BEWARD N100 IP Camera originates from inadequate validation of input parameters in the system's CGI commands. The vulnerable endpoint is the fileread script, specifically its READ.filePath parameter. This flaw allows attackers to bypass authentication and access files by supplying an absolute path. When exploited, it can be used to retrieve the contents of sensitive files such as configuration files or user credentials. Exploitation could also make use of the SendCGICMD API.

Exploitation of this vulnerability enables unauthorized disclosure of crucial system files, potentially leading to severe security breaches. Attackers could use disclosed files to gain further access or execute additional malicious actions. Sensitive information such as passwords, configurations, and system data could be exposed, elevating the risks of unauthorized control over the device. This breach may extend its impacts to connected systems or networks. Ultimately, it can disrupt the integrity and confidentiality of surveillance systems relying on these cameras.
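Asset owners who log HTTP requests to these cameras (for example at a reverse proxy) can search those logs for the request pattern described above. The following is an added example, not code from the scanner or the vendor: it flags requests to the fileread script whose READ.filePath value is an absolute path, including percent-encoded and double-encoded forms. The combined log format, the CGI directory name EXAMPLE, the client addresses and the file names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (combined log format). The CGI directory
# "EXAMPLE", the client addresses and the file names are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/EXAMPLE/fileread?READ.filePath=/etc/example.conf HTTP/1.1" 200 812
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/EXAMPLE/fileread?READ.filePath=%2Fetc%2Fexample.conf HTTP/1.1" 200 812
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/EXAMPLE/fileread?read.filepath=%252Fetc%252Fexample.conf HTTP/1.1" 403 0
192.0.2.13 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/EXAMPLE/fileread?READ.filePath=lang_en.txt HTTP/1.1" 200 95
192.0.2.14 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html?next=/etc/example.conf HTTP/1.1" 200 1024
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded paths are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fileread(line):
    """Return (client, file_path, status) for a fileread request whose
    READ.filePath value is an absolute path, otherwise None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, target, status = match.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/fileread"):
        return None
    # Parameter name compared case-insensitively: a conservative assumption,
    # the page does not say how the camera treats case.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "read.filepath" and fully_decode(value).startswith("/"):
            return client, fully_decode(value), int(status)
    return None

def scan(log_text):
    return [hit for hit in map(suspicious_fileread, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, path, status in scan(SAMPLE_LOG):
        print(f"{client} requested {path} via fileread (HTTP {status})")
```

The returned status code helps triage: a 200 on a flagged request suggests the file was served, while the relative-path request and the unrelated endpoint in the sample are not flagged.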
